AIMon for Government

DEEP PACKET INSPECTION ENGINE

Anti-Scam

Online scams and phishing websites are increasingly prevalent, and it is critical for governments to take a multi-pronged approach to combat them. AIMon can perform real-time blacklisting (over 5 million blacklist signatures) without compromising network latency or bandwidth. AIMon also provides phishing website detection using advanced machine learning techniques.

Legal Enforcement

AIMon can be deployed inline to support regulatory and legal enforcement requirements through blocking, traffic shaping and redirection.

Features


We foster a culture of collaboration, leveraging the diverse expertise of our team and forging partnerships with customers to achieve shared success in combating network and cyber threats.

Deployment


  • Inline or passive (port mirroring or tap) probe.
  • Can be deployed as a virtualised solution in all major cloud providers as well as a local virtual machine image or Docker.
  • Support of a variety of packet capture cards.

Inline Capabilities


  • Ability to block traffic by:
    • Application
    • Content category
    • Custom signature matching
  • Ability to shape traffic with a configurable rate per policy.

Export Capabilities and Formats


  • Real-time logging of Internet Protocol Detail Records (IPDR) in CSV and JSON format.
  • Streaming of flows over IPFIX, Kafka and syslog.

High-Resolution Visibility


  • Over 60k protocol and application signatures together with a powerful classification engine to provide a granular view of traffic usage.
  • Identification of services like VoIP, chat and file transfer within complex applications like OTT apps.
  • Automatic decapsulation of all tunnels (GTP, L2TP, GRE, IPv6-in-IPv4, Teredo etc.).
  • Traffic classification into IAB groups (Government, Gambling, Social etc.).
  • Ability for users to load their custom signatures as well as to develop and load their modules.

Guaranteed Performance and Scalability


  • Real-time analysis of flows up to 80 Gbps for inline probe.
  • Real-time analysis of flows up to 120 Gbps for passive probe.
  • Range of probes from 1U to 2U.
  • Performance is tested with all features enabled.
  • Advanced telemetry to monitor the health of the probe and detection KPIs. Telemetry is available through both a Web API and SNMP.

Advanced features


  • Ability to record and/or forward traffic that matches selected applications.
  • Operates on IPv4 and IPv6 fragmented traffic.
  • Operates both on bidirectional and unidirectional traffic.
  • TLS decryption when decryption keys are provided (offline traces only).
  • Ability to read from offline (PCAP) traces via directory polling.