| Feature | Support | CySight |
|---|---|---|
| Web based GUI | Yes | Client Browser Requirements The client PC must have the following installed: Firefox, Chrome or Internet Explorer supporting SVG/HTML5. https://cysight.ai/forum/viewtopic.php?f=28&t=19 |
| User/group dependant views | Yes | CySight provides 3 user group roles; Administration, Operation and Customers. An Administration user has full privileges on all data and on all screens, no extra authorization is needed. An Operational user is limited by the Devices he is authorized to analyze. A Customer user is only able to generate analysis subject to the limitation of specified interfaces and/or accounts. Where Accounts correlate to preconfigured IP Allocations or AS Numbers. IP allocations can be IPv4 or IPv6. The User can be Authenticated with SSO using LDAP. https://cysight.ai/forum/viewtopic.php?f=30&t=197 https://cysight.ai/forum/viewtopic.php?f=36&t=190 |
| Pie-chart, bar chart and table data presentation | Yes | Chart Type The icons to the right of the chart allow different chart types to be displayed for the Forensics report criteria. Available Chart types are: • Line Time Chart - Displays a comparative line chart of all elements • Stacked Area Time Chart - Displays an aggregated line chart of all elements • 3D Bar Chart - Displays a comparative total of the data. • Bar Chart - Displays a comparative total of the data. • 3D Stacked Bar Chart - Displays a stacked view of graphs with 2 dimensions. • Stacked Bar Chart - Displays a stacked view of graphs with 2 dimensions. • 3D Pie Chart - Displays a comparative total of the data. • Pie Chart - Displays a comparative total of the data. Table Data the grid column item with a single left-click will add the item value as a criteria and drill down to the flow detail. The grid allows the grid line record to launch popup menu by means of a right-click to drill down when the chart is hidden by the Image Image graph hide/show icon. As you drill into the graphs the criteria will be inherited for each period highlighted or chart or grid item selected. https://cysight.ai/forum/viewtopic.php?f=30&t=211 |
| Customisable home page per user | Yes | Each User can change their own defaults including time zone and landing pages. Each user can also have their own Report/Alerting screens and Report Repository. https://cysight.ai/forum/viewtopic.php?f=30&t=197 https://cysight.ai/forum/viewtopic.php?f=30&t=202 |
| Archiving of real-time data | Yes | Real-Time - Real-time analytics for QoS, performance optimization, compliance and root-cause discovery. Real-Time provides enhanced troubleshooting and forensic capabilities for today’s complex networks. Long-Term - Historical trending for capacity planning, traffic accounting and service level analysis. Long-Term trending processing provides a robust fully automated end-to-end Network knowledge base to enable you to baseline, plan and profile the use of any element within your network. Long-Term trending equips management with the knowledge to better understand IT resource and network usage enabling an organization to maximize operational efficiency. https://cysight.ai/forum/viewtopic.php?f=30&t=245 |
| Recording of all flow data (not just TopN), in at least 1 minute resolution | Yes | CySight specializes in providing full collection and full archival where its required and practical. Our ability to retain granular data for full compliance data retention is unsurpassed in the market place today. Comprehensive statistics screen available for per minute per device collection qualification. https://cysight.ai/forum/viewtopic.php?f=30&t=245 |
| Must be able to keep recorded data indefinitely (storage dependant) | Yes | Auditor creates the long-term and the real-time data bases simultaneously. Granularity of real-time and long-term data can be changed to suit your needs. Real-time is all NetFlow fields, one minute granularity. Typically the real-time is used for trouble shooting, forensics, alerting, threat detection, etc. The default retention for real-time is 7 days. The default retention for long-term is 12 months. You may retain real-time and long-term data for as long as you like, subject to disk storage. https://cysight.ai/forum/viewtopic.php?f=64&t=163 |
| Must support NetFlow, IPFIX, sFlow, jFlow, cFlow, Nortel IPFIX, NetStream, Flexible NetFlow | Yes | Full Support of all flow protocols including NetFlow, IPFIX, sFlow, jFlow, cFlow, Nortel IPFIX, NetStream, Flexible NetFlow and Cisco ASA, Cisco WLC, DNS Flows, Ixea Flows, Ipv6, NBAR, Nexus. Additional support for Mac Address and MPLS determination. |
| Must be able to analyze NSEL data from Cisco ASA | Yes | Full support of all NSEL data and unique cross-sectional analytics. Default ASA reports on menu or create your own mix of fields using the custom filter and save templates: Flow ID, XLate Detail, AAA UserName: Summary, Top X per Y: Flow Initiator, Application, Talkers, Flow Detail Event: Summary Top X per Y: Ext Event, Flow Detail Ingress ACL: Full ID, Name ID, Entry ID, Flow Detail, Top X per Y: Event, UserName, Application Egress ACL: Full ID, Name ID, Entry ID, Flow Detail, Top X per Y: Event, UserName, Application Flow Initiator: Summary, Top X per Y: Application, Firewall Event, UserName Application: Summary, Top X per Y: UserName, Firewall Event, Ingress ACL, Egress ACL |
| Access to reports using customizable URLs (user dependent) | Yes | Forensics reports are driven by parameters which can be defined in the "Custom Forensics" screen. Most of the Period and Criteria parameters are compatible with Multiviews and Visualization allowing drill down between them. |
| Drill-down analysis in created reports | Yes | The drill-down functionality of CySight gives the user single point analysis of traffic from the charting applet. All charts can be analyzed through the drill-down menu by using the right-click button of the mouse. https://cysight.ai/forum/viewtopic.php?f=30&t=27 |
| Reports can be exported to CSV, XML, HTML or PDF | Yes | A Forensics scheduled report can be created as CSV, HTML or PDF format report.
A Multiview scheduled report can be created as CSV and PDF format. https://cysight.ai/forum/viewtopic.php?f=30&t=202 |
| Must support bidirectonal reporting (bidirectional flows) | Yes | Comprehensive bidirectional reporting including ability to deduplicate data in series and multiple ingress/egress on same device. We enable deduplication by default but some reports specifically don’t warrant it however it can be enabled/disabled on a per report basis and where desired saved to a template or scheduled report. There are 3 kinds of deduplication that we do: 1) When devices are in series. 2) When ingress and egress is enabled on a single device at the same time 3) Both 1 and 2 Where ingress and egress is enabled on a single device then the exporter must support the flow direction field which in Cisco/IPFIX land is a v9/Flexible netflow/IPFIX field. We have options on how traffic should be reported in the default case or on a case by case report. For example when you are studying data moving into a traffic compression device like a WAAS then understanding the egress is beneficial and when studying the uncompressed side ingress is beneficial. https://cysight.ai/forum/viewforum.php?f=74 https://cysight.ai/forum/viewtopic.php?f=74&t=182 |
| Can be installed on both Windows and Linux based OS | Yes | Installation Note: CySight for Windows Linux CentOS Installation Linux RedHat Installation CySight Enterprise Installation Instructions CySight Linux Installation Instructions CySight Windows Installation Instructions https://cysight.ai/forum/viewforum.php?f=28 |
| Supports SNMPv3 | Yes | CySight provides the ability to use SNMPv3 for Device queries as well as communication with trap servers providing a true end-to-end encrypted process. https://cysight.ai/forum/viewtopic.php?f=30&t=257 |
| Definition of alarms for exceeding custom threshold or baseline values | Yes | Most comprehensive threshold and baselining capability available in flow based analytics today. Statistical baselines are learned for each measurement profile: Standard Deviations, Averages, Minimums and Maximums. Current and previous Intelligent Baseline Network Behavior Anomaly Detection Alerts (Baseline Alert or IB-NBAD) can be viewed from the Alerts Screen. The alerts where the majority of baselines have been breached over the last period selected will show at the top of the alert page. https://cysight.ai/forum/viewtopic.php?f=30&t=226 |
| Saving of custom filters used when creating reports | Yes | Forensics reports are driven by parameters which can be defined in the "Custom Forensics" screen. Most of the Period and Criteria parameters are compatible with Multiviews and Visualization allowing drill down between them. https://cysight.ai/forum/viewtopic.php?f=30&t=228 |
| Supports sending an alarm as SNMP trap | Yes | CySight traps can be setup to notify a SNMP Trap Server using snmp v1,v2c or v3. The contents of the trap also contain the nature of the issue. Comprehensive ticketing system will be available Q1 2015. https://cysight.ai/forum/viewtopic.php?f=30&t=257 |
| Can handle up to 40000 flows per second | Yes | Customers can generally expect CySight to handle between 9M to 20M/minute on a single server running in top 5000 flows per minute per device archival mode and between 1M to 5M per minute running in Full archival mode. Actual performance depends on the type of flows, the flow variance and environment and system hardware provided and operating system and configurations. https://cysight.ai/forum/viewtopic.php?f=30&t=245 https://cysight.ai/forum/viewtopic.php?f=36&t=246. |
| Supports both Mozilla Firefox and MS IE 8 | Yes | Client Browser Requirements
The client PC must have the following installed: Firefox, Chrome or Internet Explorer supporting SVG/HTML5. https://cysight.ai/forum/viewtopic.php?f=28&t=19 |
| Supports Cisco Nexus and HP ProCurve switches | Yes | Full Support of all flow protocols including NetFlow, IPFIX, sFlow, jFlow, cFlow, Nortel IPFIX, NetStream, Flexible NetFlow and Cisco ASA, Cisco WLC, DNS Flows, Ixea Flows, Ipv6, NBAR, Nexus. Additional support for Mac Address and MPLS determination. |
| Can create full flow forensics reports | Yes | https://cysight.ai/#Visibility Unrivaled network visibility CySight provides visibility of every network conversation and scales beyond any other product in the industry. CySight can perform analysis on any combination of data fields simultaneously (e.g. usage, packets, flows, packet size, utilization, etc) and sort data by any field. Effectively measure usage, trending patterns, baselines, averages, peaks and troughs, and standard deviations. Packet Size analysis: Provides a detailed view of network traffic by packet sizes. Use this information to optimize VoIP traffic as well as to identify packet size anomalies. Count analysis: Count records as part of a result to quickly identify excessive flows or change. Any record combination can be counted, e.g. counting all internal IP's with number of IP or Port conversations enables quick identification of Port Scanners, P2P users, DoS attacks or other multi threaded conversations. Identify long lasting flows or conversations. Deviation analysis: Analyze traffic patterns by standard deviation to identify what aspects have changed the most in a specific period, e.g. knowing what application has changed the most in the last 2 hours can lead to early detection of issues. Identify Worms, increasing flows or data floods. Bi-directional analysis: Show forward and reverse conversations and In vs. Out conversations to quickly identify which side of the conversation is responsible for traffic usage/flows. Baseline analysis: Short term and long term comparative analysis can be performed on any and every element. For example, interface, subnets, protocols, traffic between endpoints, IP, Location, Application or a combination thereof for a particular period compared against a previous period. Comparative analysis of each element across the time line gives the ability to identify which element caused the change and when. Baseline Alerting can then be activated to learn baselines for every hour for every weekday and alert on anomalies outside thresholds or standard deviations away from the norm. Percentile analysis: Short term and long term percentile analysis can be calculated. For Billing or Security. A percentile analysis of a threshold event will provide an indication of change. This can be set in conjunction with Baseline analysis. Cross section analysis: Stacked graphs enable comparison of any two network traffic parameters. As an example, A stacked bar QoS analysis can graphically show the details of each application running within every class of service. Custom Group analysis: IP addresses can be grouped by Location, Customer, Application and Services. Network traffic detail can now be categorized in logical groups for reporting, billing and capacity planning. |
| Both can be installed on the OS and exists as an appliance | Yes | Linux / Windows |
| Can work both as a standalone product or as a part of another product | Yes | https://cysight.ai/forum/viewtopic.php?f=30&t=202 Forensics reports are driven by parameters which can be defined in the "Custom Forensics" screen. |
| Sends out alarm for suspicious network activity (port scans, attacks, worms or P2P traffic) | Yes | CySight's real-time engine is also an intuitive intelligent agent that learns and builds a baseline of the traffic flows occurring on any network and can alert network management on bursts, scans and peer-to-peer (P2P) traffic. The level of granularity and the ability to drill into the traffic is unprecedented with every flow being stored for every minute up to disk space availability. CySight collection and threshold alerting options can be extended to focus deeper on security needs with a complete Intrusion Detection (IDS) and security and information event management (SIEM) system. CySight learns network behaviors and provides unparalleled network data intelligence providing enhanced security and intrusion detection. Behavior detection quickly identifies network anomalies and working together with the in-built analytical tools allow total visibility helping to eliminate network blindspots to resolve security and performance issues across business services and applications, dramatically reducing the risk of data leakage and potential business downtime. Multiple Baselines are learned for each Detection profile. A Minimum of 11424 Intelligent Baseline Statistics are learned for each Monitored Traffic Item. (4 Statistical baselines for each of the 17 Measurement Profiles for each hour for each weekday). Measurement Profiles include Flows, bps, pps, packets, packet size , bytes, counts, TCP Flags + Congestion Flags. https://cysight.ai/forum/viewtopic.php?f=30&t=226 |
| Definition of alarms based on user created filters | Yes | A Traffic analysis in Forensics can be saved as an Intelligent Baseline Network Behavior Anomaly Detection Alert. (Baseline Alert or IB-NBAD) https://cysight.ai/forum/viewtopic.php?f=30&t=217 A traffic analysis in Forensics can be saved as a Threshold Alert. https://cysight.ai/forum/viewtopic.php?f=30&t=216 |
| Can identifiy QoS configuration problems | Yes | QoS analysis - A network provider can change QoS markings to make it more difficult to conduct DoS attacks. QoS policies can help to reduce the effects of Dos and DDoS traffic floods and keep key applications available during attacks. The first step in deploying QoS is to profile applications to determine what constitutes a normal versus an abnormal flow. Standard QoS Reports incude: ToS, ToS Precedence, DSCP, PHB, PHB Class, Top X per Y: Application / ToS, Application / DSCP, Application / PHB, Lower Port / ToS, Interface / ToS, PHB Class / Day, PHB Class / Hour https://cysight.ai/forum/viewtopic.php?f=74&t=187 |
| Customizable number of elements in reports | Yes | Forensics allows a maximum of 12 raw netflow fields and more when using correlated field combinations, and allows counting of one or more of the fields. Forensics reports are driven by parameters which can be defined in the "Custom Forensics" screen. Most of the Period and Criteria parameters are compatible with Multiviews and Visualization allowing drill down between them. https://cysight.ai/forum/viewtopic.php?f=30&t=228 |
| Allows changing alarm priority while alarm is still active | Yes | The "Alerts" screen allows maintenance operations on the existing Baseline Alerts. https://cysight.ai/forum/viewtopic.php?f=30&t=226 |
| Sending reports by e-mail | Yes | The easiest way is to build the report you want on the screen and then click the “Save” button at the top of the screen. Or you can prepare your report structure in the Custom Filter and click “Save” either way is fine. Tip: Sometimes just to speed up you can go directly to the Custom Filter especially if the data size is huge and all the flows (CySight Professional/Enterprise) are being archived. From the Template/Report/Alert Definition screen you can then choose to create a Template, Scheduled Report, Standard Alert or Anomaly Detection Baseline Alert (if licensed for AD) https://cysight.ai/forum/viewtopic.php?f=72&t=173 |
| Definition of custom applications (by port, protocol, IP address,...) that will be recognized and shown in reports | Yes | CySight Application Mapping (NAAM) Adds intelligent network classification to network infrastructure using Network-Based Application Recognition (NBAR) principles. Traffic can be classified in order of precedence according to groups of known ports & protocols. Provides smallest unit classification. Does not require NBAR but if available NBAR provides deep packet inspection. Deep Packet inspection on the router. Allows traffic to be classified according to groups of protocols, port and ipv4/ipv6 addresses, ASN and ToS and categories and sub-categories of traffic and special flags such as p2p, encrypted or tunneled. Can look into the payload and classify according to the payload content such as transaction identified, message type or similar. E.g identifying p2p traffic running on Port 80. Simply configure NBAR to send its specialized Netflow template to CySight. Auditor will learn any new profiles and will add them to existing Application Mappings. Default Mappings are already provided for all Layers. NBAR/NBAR2 CySight Next Generation NetFlow Analyzer fully supports NBAR2 also known as Next Generation Network-Based Application Recognition (NBAR). NBAR2 is adopted as a Cisco cross platform protocol classification mechanism. It supports 1000 + applications and sub-classifications, and Cisco adds/provides new signatures and signatures updates through monthly released protocol packs. Advanced Classification Techniques: NBAR2 leverage classification techniques from SCE, which allow classification of IPv4, IPv6 and v6 transition techniques. NBAR2 can classify evasive applications like Bittorrent, eDonkey, Skype and Tor, as well as business applications like ms-lync, cloud applications such as office-365, and also mobile applications such as facetime, etc. using advanced classification techniques. Field Extraction Support: It provides the mechanism to extract pre-defined fields from packet headers, which can be exported via Flexible NetFlow (FNF) for reporting. https://cysight.ai/forum/viewtopic.php?f=30&t=249&p=234 |
| Supports flow collection for at least 5 devices | Yes | Correlation and analysis of feeds from multiple appliances. Stand-alone, Cluster or Hierarchy Mode. Number of Devices / Interfaces and archival limits and license tiering are controlled by license key. https://cysight.ai/licenseinfo.php |
| Can it provide billing info on customer traffic usage to be sent to our billing system (billing info API)? | Yes | The API is used to control the Provisioning of Services. Manages adds and changes to the Account and Cost Centres together with their associated includes and excluded IP-ranges. Fits into existing Billing systems allowing CySight to manage the counting and a 3rd Part system to manage the billing and own the Primary Chart of Accounts. |
| We need to give each of our customers a web-based report view but of course they’re only allowed to see their network info (based on IP address block, ASN etc.). | Yes | CySight provides 3 user group roles; Administration, Operation and Customers. An Administration user has full privileges on all data and on all screens, no extra authorization is needed. An Operational user is limited by the Devices he is authorized to analyze. A Customer user is only able to generate analysis subject to the limitation of specified interfaces and/or accounts. Where Accounts correlate to preconfigured IP Allocations or AS Numbers. IP allocations can be IPv4 or IPv6. The User can be Authenticated with SSO using LDAP. https://cysight.ai/forum/viewtopic.php?f=30&t=197 https://cysight.ai/forum/viewtopic.php?f=36&t=190 |