How ClearSkies NG iCollector works

ClearSkies™ NG iCollector™ is an intelligent device that collects and analyzes, in real time, log data from hundreds of different types of assets. It is offered as a physical or virtual appliance and can be deployed on-premises, in the cloud, or in both as a hybrid environment.

The ClearSkies™ NG iCollector™ collects, archives (digitally signing and optionally encrypting), normalizes, intelligently analyzes and correlates vast volumes of heterogeneous log data, drawing on contextual information and evidence-based knowledge of emerging threats, vulnerabilities, users and assets to support the early detection of, and response to, targeted attacks and data breaches. To safeguard the confidentiality and preserve the integrity of sensitive information, collected log data may optionally undergo a masking process.

[Figure: ClearSkies NG iCollector: Collects; Archives (Digitally Signs/Encrypts); Normalizes; Intelligently Analyzes; Correlates vast volumes of heterogeneous log data]

NG iCollector™ architecture

[Diagram: NG iCollector processing stages: Collect; Archive (Digitally Sign, Encrypt); Normalize; Intelligently Analyze; Correlate; Mask]
Collect

Vast volumes of heterogeneous data sets generated by diverse security devices, network infrastructure, systems and applications are collected.

Archive

Collected log data is compressed at a ratio of up to 96%, digitally signed and optionally encrypted before it is archived. Collected log data is thereby maintained in a state that can also be used for forensic investigation or as legal evidence, should the need arise.

Normalize

Collected log data is normalized and stored in a common schema at the time of collection, ready for further processing.

Intelligently Analyze

Intelligent processing, aggregation and analysis of log data using User & Entity Behavioral, Artificial Intelligence, Predictive and Machine Learning models, incorporating contextual information to predict suspicious and detect abnormal behavior.

Correlate

Correlation of log data uses not only a number of statistical and heuristic models but also a number of predefined intelligent correlation rules combined with evidence-based knowledge of emerging threats and vulnerabilities, allowing early detection of, and as a result a timely response to, targeted attacks and data breaches.

Mask

Sensitive information found within the log data, such as credit card numbers, can optionally be masked to safeguard its confidentiality.
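As an added illustration, which is not ClearSkies code and does not describe how the product is implemented, the following Python script walks a few constructed log lines through toy versions of the normalize, mask and archive stages described above: two different log formats are mapped into one common schema, Luhn-valid card numbers in the resulting records are masked down to their last four digits, and the masked records are compressed and HMAC-signed so that a later reader can detect a tampered archive. The sample lines, the schema field names, the regular expressions and the signing key are all assumptions made for this example; the optional encryption step is omitted because it would need a third-party library.

```python
"""Added example (not ClearSkies code): toy normalize -> mask -> archive pipeline.
All log lines below are constructed sample data."""
import hashlib
import hmac
import json
import re
import zlib
from typing import Optional

# Constructed sample input: a syslog-style firewall line and a JSON application line.
SAMPLE_LOGS = [
    "<134>Mar 12 10:01:02 fw01 vendorfw: action=deny src=10.1.2.3 dst=203.0.113.5 dport=445",
    '{"ts": "2024-03-12T10:01:03Z", "host": "pos-api", "level": "INFO", '
    '"msg": "payment submitted card=4111111111111111 amount=42.00"}',
]

# Assumed signing key for the example; a real deployment would load it from a key store.
ARCHIVE_KEY = b"constructed-demo-key"

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>[^:]+): (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
PAN_RE = re.compile(r"\b\d{13,19}\b")  # candidate card-number digit runs


def normalize(line: str) -> dict:
    """Map one raw line into the common schema: ts, host, source, message, fields."""
    if line.startswith("{"):
        rec = json.loads(line)
        return {"ts": rec["ts"], "host": rec["host"], "source": "json",
                "message": rec["msg"], "fields": {"level": rec.get("level")}}
    m = SYSLOG_RE.match(line)
    if not m:
        # Unknown format: keep the raw text so nothing is silently dropped.
        return {"ts": None, "host": None, "source": "unknown", "message": line, "fields": {}}
    return {"ts": m["ts"], "host": m["host"], "source": m["app"],
            "message": m["msg"], "fields": dict(KV_RE.findall(m["msg"]))}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to avoid masking arbitrary long numbers such as IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pans(text: str) -> str:
    """Replace Luhn-valid card numbers with asterisks, keeping the last four digits."""
    def repl(m: "re.Match[str]") -> str:
        s = m.group(0)
        return "*" * (len(s) - 4) + s[-4:] if luhn_ok(s) else s
    return PAN_RE.sub(repl, text)


def mask_record(rec: dict) -> dict:
    """Apply masking to the free-text message and to every string field value."""
    out = dict(rec)
    out["message"] = mask_pans(rec["message"])
    out["fields"] = {k: (mask_pans(v) if isinstance(v, str) else v)
                     for k, v in rec["fields"].items()}
    return out


def archive(records: list) -> dict:
    """Compress the records and sign the compressed blob with HMAC-SHA256."""
    payload = json.dumps(records, sort_keys=True).encode()
    blob = zlib.compress(payload, 9)
    sig = hmac.new(ARCHIVE_KEY, blob, hashlib.sha256).hexdigest()
    return {"blob": blob, "sig": sig, "raw_bytes": len(payload), "stored_bytes": len(blob)}


def verify_and_restore(arch: dict) -> Optional[list]:
    """Return the archived records if the signature verifies, else None (tampered or corrupt)."""
    expected = hmac.new(ARCHIVE_KEY, arch["blob"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, arch["sig"]):
        return None
    return json.loads(zlib.decompress(arch["blob"]))


def run_pipeline(lines: list = SAMPLE_LOGS) -> dict:
    """Normalize, mask and archive the given lines; returns the signed archive."""
    records = [mask_record(normalize(line)) for line in lines]
    return archive(records)


if __name__ == "__main__":
    arch = run_pipeline()
    print(f"archived {arch['raw_bytes']} bytes as {arch['stored_bytes']} bytes, sig={arch['sig'][:16]}...")
    for rec in verify_and_restore(arch) or []:
        print(rec)
```

Masking is applied after normalization so that both the free-text message and the extracted fields are covered, and the signature is computed over the compressed blob, so any bit flip in storage or transit makes verify_and_restore return None rather than silently yielding altered records.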

NG iCollector™ Deployment Architecture

To ensure continuous availability of the service, two ClearSkies™ NG iCollector™ appliances can be deployed on the organization’s premises in a high-availability configuration.

All physical iCollectors support a high-availability option in which a second iCollector acts as a failover system if the primary iCollector goes down. Both share a virtual IP to which all traffic from the in-scope assets is forwarded, ensuring minimal data loss and the continuation of all operations as normal. Collecting applications are likewise taken care of, as they resume collection from the secondary iCollector. All remaining components (Correlation Engine, Reports, Big Data Search, Dashboard et al.) then work as expected, so the failover is transparent between the iCollector and the ClearSkies™ Secure Web Portal.

ClearSkies™ NG iCollector™ appliances can be deployed either as virtual machines running on supported virtualization platforms, or as dedicated physical appliances.

NG iCollector™ Virtual appliance compatibility matrix and technical characteristics

Parameter                  | Up to 500 EPS               | Up to 1,000 EPS             | Up to 2,500 EPS
GB/day                     | 10                          | 20                          | 50
Hypervisor type & version  | VMware 6.0+ / Hyper-V 2016+ | VMware 6.0+ / Hyper-V 2016+ | VMware 6.0+ / Hyper-V 2016+
CPU                        | 2 CPUs x 2 cores            | 2 CPUs x 4 cores            | 2 CPUs x 10 cores
Memory                     | 8 GB                        | 16 GB                       | 32 GB
HDD size                   | 500 GB                      | 700 GB                      | 1 TB
HDD IOPS                   | 50                          | 100                         | 250
Network interface          | 2 x 1 GBit copper           | 2 x 1 GBit copper           | 4 x 1 GBit copper

NG iCollector™ Physical appliance technical characteristics

Parameter          | Up to 5,000 EPS                  | More than 5,000 EPS
GB/day             | 100                              | 100+
CPU                | 2 CPUs x 8 cores                 | 2 CPUs x 10 cores each
Memory             | 32 GB                            | 64 GB
Hard drive         | 2 x 300 GB SAS + 4 x 600 GB SAS  | 2 x 300 GB SAS + 4 x 1 TB SAS
Network interface  | 4 x 1 GBit copper                | 4 x 1 GBit copper