
20/20 Foresight: Page 3 of 6

The vendor states that the capture engine will capture and store data at full Gigabit Ethernet line rate. We configured the engine to capture the entire Internet feed for a major university, averaging 250 Mbps. At this average, and with the storage system configured as a RAID 5 array, InfiniStream held approximately 24 hours of data. This is a "your mileage may vary" number. InfiniStream easily kept up with the data stream of our test situation, and left no mysterious voids in any transactions we examined.

InfiniStream is marketed as a network forensics device, and evidence of security compromises is stored on the system's hard disk. After an IDS points to a problem, an administrator may examine the data packets by using either the InfiniStream data-mining tool, more traditional Sniffer packet-analysis products or application playback.

Before initiating a search, you should have an idea of what you're looking for. The graphical interface of the data-mining tool makes it easy to define a time span, a set of IP addresses, and a set of services and protocols that you want to see. The results are displayed in panes within the window, and clear controls let you scroll through the data, watching conversations and interactions. The screens don't let you look at individual packet contents, though, and the ease with which you can find higher-level information makes this shortcoming stand out. It's hard to criticize a product for failing to do something it never promised, but the InfiniStream system will be far more useful when there's tighter integration between it and the other products in the Sniffer family.

You can take a deep peek at packet contents by saving the mining results and moving the file to a system with a Sniffer monitoring product, such as Sniffer Distributed or Sniffer Basic. Moving the data doesn't take much time, though the extra step can prove annoying.

The annoyance level goes down, however, when you begin to look at the application replay capabilities of InfiniStream. When the license for application replay is installed, you can replay sessions involving HTTP, FTP, VoIP, SSH, HTTPS, POP3, SMTP, IMAP4 and IRC protocols. You can, in fact, be very, very nosy. The replay feature not only lets you use InfiniStream to follow up on intrusion-detection alerts, but makes it possible to watch and record the activities of individual users stretching over a much longer period of time.
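The two workflows described above, a time/host/service query over stored packets followed by session replay, as an added Python example that is not part of the original review and does not use InfiniStream's own storage format or tools: the capture index, host addresses and payloads are constructed; the replay step orders TCP segments by sequence number, drops retransmissions and overlaps, and reports any byte range the capture never held (the "voids" the review checked for).

```python
from collections import namedtuple

# Constructed sample: a minimal packet index of the kind a data-mining tool would
# search. Assumed layout for illustration only, not InfiniStream's on-disk format.
Pkt = namedtuple("Pkt", "ts src dst sport dport proto seq payload")
CAPTURE = [
    Pkt(1000.0, "10.0.0.5", "192.0.2.80", 40001, 80, "tcp", 100,
        b"GET /login HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    Pkt(1000.2, "10.0.0.5", "192.0.2.80", 40001, 80, "tcp", 100,
        b"GET /login HTTP/1.1\r\nHost: www.example\r\n\r\n"),   # retransmission
    Pkt(1000.3, "192.0.2.80", "10.0.0.5", 80, 40001, "tcp", 500,
        b"HTTP/1.1 200 OK\r\n\r\n"),
    Pkt(1000.4, "192.0.2.80", "10.0.0.5", 80, 40001, "tcp", 519,
        b"<html>ok</html>"),
    Pkt(1001.0, "10.0.0.7", "192.0.2.25", 40002, 25, "tcp", 1, b"EHLO mail.example\r\n"),
    Pkt(1200.0, "10.0.0.5", "192.0.2.80", 40003, 443, "tcp", 1, b"\x16\x03\x01"),
]
SERVICE_PORTS = {"http": 80, "smtp": 25, "https": 443}

def mine(capture, start, end, hosts, services):
    """Data-mining step: keep packets inside [start, end] that touch one of
    `hosts` on one of the named services."""
    ports = {SERVICE_PORTS[s] for s in services}
    return [p for p in capture
            if start <= p.ts <= end
            and (p.src in hosts or p.dst in hosts)
            and (p.sport in ports or p.dport in ports)]

def replay(packets):
    """Replay step: rebuild each direction of every TCP session from its stored
    segments, ordered by sequence number with retransmissions and overlaps removed.
    Returns {(src, sport, dst, dport): (payload_bytes, [(gap_start, gap_end), ...])};
    a gap is a byte range the capture never held, i.e. a void in the transaction."""
    streams = {}
    for p in packets:
        if p.proto == "tcp" and p.payload:
            streams.setdefault((p.src, p.sport, p.dst, p.dport), {}).setdefault(p.seq, p.payload)
    sessions = {}
    for key, segs in streams.items():
        data, gaps, nxt = b"", [], None
        for seq in sorted(segs):
            seg = segs[seq]
            if nxt is not None and seq > nxt:
                gaps.append((nxt, seq))            # bytes [nxt, seq) were never captured
            skip = 0 if nxt is None else max(0, nxt - seq)   # trim overlapping bytes
            data += seg[skip:]
            nxt = seq + len(seg) if nxt is None else max(nxt, seq + len(seg))
        sessions[key] = (data, gaps)
    return sessions

if __name__ == "__main__":
    for key, (data, gaps) in replay(mine(CAPTURE, 999.0, 1100.0, {"10.0.0.5"}, ["http"])).items():
        print(key, data, "gaps:", gaps)
```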