A Complete Packet Capture Appliance & Network Security Platform

Whether you are trying to troubleshoot a networking issue or responding to a security incident, SentryWire can provide you full visibility into your network traffic, past & present.


Overview

SentryWire is a Full Packet Capture Appliance and Network Security Platform based on a unique capture and storage architecture that breaks the performance, scalability and expense barriers of existing frameworks. SentryWire supports capture rates from 1Mbps to +1Tbps, while providing real-time filtering and allowing retention of network traffic for weeks, months and even years at price points that can be less than 50% of the cost of other systems.

Imagine a Hadoop-like architecture engineered to scale out compute and storage, providing the fastest search in the industry even in packet stores of 100 PB. The SentryWire system combines high-speed packet recording with real-time analytics, visualization, and BPF-syntax filters. The system detects intrusions, minimizes the damage caused by breaches and enables complete packet-level analysis of any incident.

The SentryWire Packet Capture Platform allows an extended timeline of traffic to be recorded and analyzed at commodity prices using new or existing analytics. Why is it important to have an extended timeline of packet traffic stored? Because we know that, on average, it takes 146 days to detect certain state-sponsored intruders in a network, and without a high-fidelity recording of the network traffic enterprises cannot make a definitive determination of when intruders got in, how they got in or exactly what data was exfiltrated.


SentryWire Solutions

  • Threat Hunting

  • Incident Response

  • Network Troubleshooting

  • Carrier Grade Solutions

Featured Capabilities


Full Packet Capture

Capturing just metadata does not produce a high-fidelity record of traffic.


Powerful & Fast Search

Search petabytes of network traffic in minutes.


Extended Timeline

Network traffic stored for weeks, months or years.


Fast Capture Speed

Capture Speeds from 1Mbps to +1Tbps.


Intrusion Detection

Present-day intrusion detection limits breaches.


Visualization & Analytics

3D Visualization + Integrated Commercial, Open Source & Custom Analytics.


IDS Search Back

Use IDS signatures to search back across previously recorded packets to forensically detect & identify events using attributes and indicators relevant to today.


Network Operations

Collect packets and produce a variety of logs to track network performance metrics.


Artifact Extraction

SentryWire does not truncate or slice any packets it captures. This allows fully sessionized PCAPs to be returned and makes it easy to extract file artifacts via the UI.

 

Full Network Packet Capture


Line rates from 1Mbps to +1Tbps, with lossless and continuous capture. This isn't just packet inspection and retention of the metadata from that inspection: we capture and store all the network IP packets so they can be filtered against known signatures and also be continuously re-inspected and analyzed for signatures that materialized after the traffic was filtered, collected and stored. We know that, on average, perpetrators are in the network for 146 days before being discovered, so it's critically important to have an extended timeline of packets available for analysis.


Powerful & Fast Search


Because of our architecture, search scales together with compute and storage, meaning that each search runs over a smaller data store, dramatically improving search performance. Searches often produce a very large PCAP file, which we split into digestible chunks so that search results stream back almost immediately and don't bog down the network. SentryWire’s Federation Manager is a single-pane-of-glass management console that monitors and initiates searches across the entire infrastructure.


Extended Packet Capture Timeline


Forensics for incident response and post-breach activities. Even with the best enterprise security tools deployed in multiple layers and depth, organizations that are breached find they need to reach back more than 146 days from the discovery of the breach to get to the root of the problem and determine which data were accessed and exfiltrated. For non-security use cases, root cause analysis of an unscheduled outage often requires a similar timeline of high-fidelity data to be accessible. SentryWire provides real-time filtering, logging and retention of network traffic for weeks, months and even years at price points that can be less than 50% of the cost of other systems.


Fast Capture Speeds


We guarantee the best lossless capture performance on the market. Our capture rates, as well as the rates at which we move packets around inside the appliance and between cluster nodes, have been architected and engineered to continuously capture even the burstiest traffic. We can scale to the fastest current market bandwidths (100Gbps to +1Tbps), and our architecture can continue to grow with network bandwidth capabilities.


Intrusion Detection


SentryWire uses Suricata, an open source, mature, fast and robust network threat detection engine. Suricata is capable of real-time intrusion detection (IDS), network security monitoring (NSM) and offline PCAP processing. Suricata inspects network traffic using a powerful and extensive rules and signature language, and has Lua scripting support for detection of complex threats. With standard input and output formats like YAML and JSON, integration with existing SIEMs, Splunk, Logstash/Elasticsearch, Kibana and other databases becomes effortless.


Compliance


SentryWire can help support an organization’s audit and compliance requirements by maintaining an authoritative record of network activity. Whether focusing on North/South or East/West network traffic, SentryWire’s ability to capture and store hundreds of days' worth of traffic provides auditors with definitive evidence of what took place in your network.


Visualization & Analytics


With SentryWire's Application Node and our RESTful API you can integrate with the world's leading commercial, open source and custom visualization platforms, including 3D interfaces that allow security engineers to isolate anomalous activity. SentryWire's integration with existing tools provides log correlation and aggregation visualization with fast and seamless access to metadata logs.


Technology Partners


SentryWire partners with the leading security solution providers to extend the power of our Packet Capture Platform. This ecosystem of partner technologies includes Governance, Risk and Compliance management platforms, intrusion detection systems, behavior-based solutions, hardware and OS providers, and other security and industry solutions. SentryWire’s industry-standard RESTful API allows for easy integration with any commercial, custom or open source application. An example of our integration with our technology partners is Splunk. SentryWire’s integration with Splunk provides a powerful enhancement to your organization's ability to effectively identify, analyze, and act on network issues. Leveraging the comprehensive capture of your organization's packets by SentryWire and Splunk’s unparalleled ability to correlate and analyze machine data from a variety of sources allows your organization to handle the investigative process in the lowest possible time to resolution.



Other Technology Partners


Continually Improving
Latest Software Updates

  • MD5 Hashing

  • View file objects and extract files from network packets, export and reconstitute file artifacts captured from your network via SentryWire’s Web UI

  • JA3 Hashing & Threat Enrichment

    • SentryWire leverages JA3 hashing to identify indicators of compromise (IOC) without needing to decrypt the stream. JA3 fingerprinting works for all TLS/SSL enabled protocols and provides the visibility needed to proactively stop C2 communications and prevent further infection.

  • GeoIP Enrichment

    • Enrich SentryWire metadata log records with geospatial data, analyze and visualize IP traffic based on location.

  • Enhanced Analytics via Kibana

    • Visualize and navigate network log data through interactive dynamic dashboards, explore anomalies, display results as time series, and create custom dashboards to find visual relationships within your network.

  • Advanced Analytics and Statistical Baselining Based on Specific Network Attributes

    • Traditional manual methods for analyzing data fail when it comes to the sheer volume of data that network traffic can generate on a daily or even hourly basis. By leveraging Elastic, SentryWire is able to baseline network traffic and any alerts that are generated, calculating the probability that a network attribute or alert value is anomalous based on its historical behavior (volume, packet attributes, time series and more).

    • Accurate identification of network attributes or alerts of interest in an automated fashion reduces alert and analyst fatigue by highlighting the relevant subset of your network data.

  • Network Operations Analytics

    • SentryWire includes in-browser packet analysis to identify and troubleshoot common network problems at the packet level. Sessions are reconstructed, and each individual packet stream can be broken out individually.

    • Network Operations dashboards have been added to the Investigator for visual identification of connectivity issues, network congestion, oversubscription of network infrastructure, DHCP issues and more.

    • Additional network ops centric logs have been added and existing logs have been extended with additional data fields.
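To illustrate the JA3 technique named in the update list above, here is an added example (written for this page, not SentryWire's or the JA3 project's own code): it parses a TLS ClientHello, drops GREASE values, and builds the JA3 string and MD5 fingerprint, which is what lets a client be matched against a fingerprint list without decrypting any traffic. The ClientHello bytes are constructed for the demo rather than taken from a capture.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are dropped from JA3 strings, as the reference implementation does.
GREASE = {0x0a0a + 0x1010 * i for i in range(16)}
u16s = lambda b: list(struct.unpack(f"!{len(b) // 2}H", b))  # big-endian 16-bit id list

def parse_client_hello(hs):
    """(version, ciphers, extension types, groups, point formats) from a ClientHello
    handshake message, i.e. the bytes after the 5-byte TLS record header."""
    assert hs[0] == 1, "not a ClientHello"
    p = 4                                          # handshake type + 3-byte length
    version = struct.unpack("!H", hs[p:p + 2])[0]; p += 2
    p += 32 + 1 + hs[p + 32]                       # client random, then session id
    n = struct.unpack("!H", hs[p:p + 2])[0]; p += 2
    ciphers = u16s(hs[p:p + n]); p += n
    p += 1 + hs[p]                                 # compression methods
    exts, groups, formats = [], [], []
    if p + 2 <= len(hs):                           # extensions block is optional
        end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]; p += 2
        while p < end:
            etype, elen = struct.unpack("!HH", hs[p:p + 4]); p += 4
            body = hs[p:p + elen]; p += elen
            exts.append(etype)
            if etype == 10:       # supported_groups: 2-byte list length, then 2-byte ids
                groups = u16s(body[2:])
            elif etype == 11:     # ec_point_formats: 1-byte list length, then 1-byte ids
                formats = list(body[1:])
    return version, ciphers, exts, groups, formats

def ja3(hs):
    """JA3 string (fields joined by ',', values by '-') and its MD5 fingerprint."""
    version, ciphers, exts, groups, formats = parse_client_hello(hs)
    field = lambda xs: "-".join(str(x) for x in xs if x not in GREASE)
    s = f"{version},{field(ciphers)},{field(exts)},{field(groups)},{field(formats)}"
    return s, hashlib.md5(s.encode()).hexdigest()

def build_client_hello(version, ciphers, exts):
    """Constructed sample ClientHello for the demo (not a real capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"   # random, empty session id
    body += struct.pack(f"!H{len(ciphers)}H", 2 * len(ciphers), *ciphers)
    body += b"\x01\x00"                                       # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

# Constructed sample: TLS 1.0 hello with a leading GREASE cipher value that JA3 must ignore.
SAMPLE = build_client_hello(0x0301,
    [0x0a0a, 47, 53, 5, 10, 49161, 49162, 49171, 49172, 50, 56, 19, 4],
    [(0, b"\x00\x0a\x00\x00\x07example"),             # server_name
     (10, b"\x00\x06\x00\x17\x00\x18\x00\x19"),        # supported_groups: 23, 24, 25
     (11, b"\x01\x00")])                                # ec_point_formats: uncompressed
```

In practice the resulting hash is compared against a curated list of fingerprints, and a match on a known-malicious client profile is raised as an alert for the analyst.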


Pick your SentryWire System!

Browse the different SentryWire Solutions to find the one that is perfect for your organization.
