Network Traffic Surveillance System

Clusterpoint’s Network Traffic Surveillance System (NTSS) captures, indexes and stores all content and communications that are transacted across the network.

Clusterpoint NTSS works independently of the customer's network switching infrastructure and can be used with equipment from any manufacturer of networking gear.

NTSS captures the raw IP traffic flow from any available network source (normally an Ethernet port) and reconstructs that traffic into application-level objects. The reconstructed traffic data is stored alongside the original IP packets in Clusterpoint's scalable and searchable database, Clusterpoint Server. The NTSS database is accessible for instant search, traffic inspection and analysis through secure Web browser access.

Typically positioned at the Internet boundary (on the management port of a switch or on a network tap), NTSS enables immediate visibility of e-mails sent and received, web pages viewed, web postings, web-mail, instant messaging chat conversations, files transferred and attachments in an intuitive and easy-to-use web GUI.

Text, images and additional data (e.g. metadata and properties) are extracted and indexed from all relevant communications and files (including Office documents), then stored in XML format in a unique Clusterpoint database that enables instantaneous Google-style relevancy search and full reconstruction of that content with a single click.

The NTSS system is designed to meet the increasing need for corporate governance, electronic records management and regulatory compliance associated with communications transacted to and from the legal entity of the organisation.

Whatever the organisation’s retention policies or volume of content to be retained, NTSS effortlessly scales (using clustering) to meet those requirements while maintaining immediacy of retrieval, easy maintenance and low TCO.

Full reconstruction of user activity
Instant reconstruction and review of IM conversations, blog postings, web pages (including web-mail), files transferred, e-mails, images (as thumbnails) and documents. Content can also be viewed as XML, HTML and HEX.

Truly language independent
Capture, index, search and review any UTF-8 text extracted from content regardless of language used, e.g. English, French, German, Greek, Arabic, Hebrew, Chinese, etc.

Instantly pivot on any cross-referenced data point
Immediately pivot a review on contextual data, e.g. IP/MAC address, e-mail address, FTP or IM user name, protocol, port number, traffic direction, timestamp, cookie, keyword(s), MIME type, metadata, etc.

Search all captured content
All captured content is indexed and searchable, including text and metadata (title, date, time, author, etc.) as well as Microsoft Word, Excel and PowerPoint, and PDF documents.

Advanced linguistic and Boolean search
Search all content by keyword(s), exact phrases, partial keyword(s), proximity searches, Boolean logic, keyword inclusion/exclusion and instant keyword spelling/alternative suggestions.

Instantaneous search
Search over 400GB of content in less than half a second, or with more complex queries in less than 5 seconds (on a single appliance), and maintain similar search times with terabytes of data via clustering.

Scalable capture and data retention
Scales linearly through clustering to support line rates up to 1Gbit/s and data retention policies up to 10 years for raw IP and reconstructed data.

Use the scalability of Clusterpoint NTSS to match the requirements of your organization's size and number of employees.

Use the scalability of Clusterpoint NTSS to match the requirements of your corporate data retention policy and time period.

Management reports
Top X users/abusers, segmented by protocol (HTTP/S, SMTP/POP3, IM, FTP, etc.), MIME type (Word docs, PDFs, etc.), period (date and time slice), volume (MB, GB, TB, etc.), ratios (web:e-mail, web:IM, images:video, etc.) and trend (increase/decrease, spike/anomaly, etc.).

Traffic filtration
Comprehensive traffic filtering rules accommodate organisational policies for retaining or ignoring certain traffic types, domains or users.

Audited role-based user access
NTSS employs strict user rights management to enforce role-based interaction with the system, complete with a full audit trail of who accessed what and at what privilege level. Roles can include SysAdmin, Investigator and Auditor, each with appropriate (restricted) access to either the system or the data and content within it.

Real-time alerting
Investigators and Auditors can be alerted in real time when specific user-defined criteria are matched, such as “content matching”. The SysAdmin can be alerted upon an important system status change, and can also remotely monitor the status of the NTSS appliance via an SNMP agent.

Open standards architecture
All content, text, metadata and reference data, including application-level information about e-mails, files, web pages, etc., is retained in Clusterpoint Server, the Clusterpoint DBMS based on open XML standards. This enables easy data export to and import from 3rd party security applications, video camera recording systems, entry control systems and other access and security tools.

A fully documented Clusterpoint Application Program Interface (API) is also available for developers.

How to test drive NTSS
For interested corporate parties and our technology partners, we offer a test drive of NTSS, which can be shipped to your location as a turn-key appliance for use over a limited time period.

Please contact us with your questions to learn more about NTSS.

You are also welcome to submit a Test Drive Clusterpoint NTSS request to ask about product evaluation availability at your location.