Trapwall

Problems it solves

Unauthorized access to corporate IT systems and data

Risk or Leaks of confidential information

Non-existent or decentralized IT incident management

Values

Ensure Security and Business Continuity

Manage Risks

Trapwall

Review incidents retrospectively and harness the power of network forensics. Prevent intruder attacks in advance by managing the reconnaissance traffic of intruders on the local network.

Description

Ensures reliability as a basis for analyzing network infringement at major organizations, with functional verification for analysis.

  • High-performance traffic extraction: extracts up to 100 files per second based on a 1MB file size and ensures integrity. Supports detection and extraction of file transfer history based on 110 protocols such as HTTP, SMTP, and FTP.
  • PCAP collection: lossless traffic acquisition and storage based on high-performance capture. Supports long-term and separate archiving of suspicious traffic.
  • ThreatFlow: generates ThreatFlow records optimized for threat assessment based on L2 ~ L7 analysis, threat detection, and file extraction information. High-speed search and threat analysis using the ThreatFlow field-based Display Filter.
  • Flexible expansion / optimization: supports a flexible sharing system for information linkage and linkage analysis (Syslog, RESTful, DB Direct). Provides quick technical support and customization for the existing operating system.

What Trapwall Can Do

  • Precise analysis of new threats based on file extraction and forensics (transferable)
  • Pattern-based detection and detailed threat per-session information via ThreatFlow
  • Analysis of service access log based on Advanced Log Generator
  • Analysis and report on anomaly signs and behaviors
  • Establish a preliminary identification and response strategy for groups attempting infringement

Main features of Trapwall

All-in-One solution for network intrusion detection, forensics and anomaly analysis

Trapwall is delivered as an attack management solution by a network forensics expert. Interfaces can be added to the solution on top of the supported protocols (HTTPS, FTPS, NFS, SCP Channel). An optimization function (NFS, SCP Channel) is available for transmitting collected PCAP to the manager in addition to attack information (negotiable).

Network-based intrusion detection, forensic and anomaly detection

Active threat analysis that collects and analyzes Layer 2 ~ 7 information such as sessions, protocols, and transferred files from traffic. Provides features for ThreatFlow-based rapid threat analysis and detailed PCAP/file-based traffic analysis. Supports NIDS-based detection policy, ThreatFlow-based statistics, traffic trends, and APT attack detection through anomaly analysis.

ThreatFlow: a practical and effective advancement of NetFlow

Generates data structures using DPI analysis information to determine actual behavior at the application layer.
Provides a complete network analysis environment for L2 ~ L7, including L7 analysis information, NIDS, file extraction, and threats. Provides network threat analysis based on NIDS, threat detection information, and a fast search function.

Display Filter-based search UI that takes ThreatFlow field-specific characteristics into account

Provides match, mismatch, inequality, and subnet searches that take into account the characteristics of the various ThreatFlow field types, such as integer and string. Provides combined searches across multiple fields using AND, OR, and parentheses.