An intelligent machine

iCollector™

Architecture

How ClearSkies™ iCollector™ works

ClearSkies™ iCollector™ is an intelligent device that collects and analyzes, in real time, log and event data from hundreds of different types of assets. ClearSkies™ iCollector™ is offered as a physical or a virtual appliance, and can be deployed on premises, in the cloud, or in both (hybrid environments).

ClearSkies™ iCollector™ collects, archives (digitally signing and optionally encrypting), normalizes, intelligently analyzes and correlates vast volumes of heterogeneous log data, using contextual information and evidence-based knowledge of emerging threats, vulnerabilities, users and assets, for the early detection of and response to targeted attacks and data breaches. To safeguard the confidentiality and preserve the integrity of sensitive information, collected log and event data may also undergo a masking process.

Collect

Vast volumes of heterogeneous data sets generated by diverse security devices, network infrastructure, systems and applications are collected.

Archive

Collected log and event data are compressed at a ratio of up to 96%, digitally signed and optionally encrypted before they are archived. This way, collected log and event data are maintained in a state that can also be used for forensic investigation or as legal evidence, should the need arise.
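An added illustration of the archive step (example code written for this page, not iCollector's own implementation): each batch of log lines is compressed and a signed manifest is produced, so that later alteration of either the blob or the manifest is detected before the archive is relied on as evidence. A keyed HMAC stands in for the appliance's digital signature, the optional encryption step is omitted, and the signing key and log lines are constructed.

```python
import gzip
import hashlib
import hmac

# Constructed sample log batch (not taken from the page)
SAMPLE_LOGS = [
    "Jan 10 12:00:01 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.9",
    "Jan 10 12:00:02 app01 sshd[2211]: Accepted publickey for ops from 10.0.0.7",
]

# Hypothetical signing key for the demo; a real collector would keep this in
# an HSM or key vault, or use an asymmetric signature instead of an HMAC.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"


def archive_batch(lines, key):
    """Compress a batch of log lines and return (blob, manifest).

    The manifest records the SHA-256 of the compressed blob and an HMAC over
    that digest, so tampering with the blob or the manifest is detectable.
    """
    raw = "\n".join(lines).encode("utf-8")
    blob = gzip.compress(raw, compresslevel=9)
    digest = hashlib.sha256(blob).hexdigest()
    manifest = {
        "records": len(lines),
        "raw_bytes": len(raw),
        "compressed_bytes": len(blob),
        "sha256": digest,
        "hmac_sha256": hmac.new(key, digest.encode(), "sha256").hexdigest(),
    }
    return blob, manifest


def verify_batch(blob, manifest, key):
    """Return True only if the digest and the keyed signature both still match."""
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return False
    expected = hmac.new(key, digest.encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, manifest["hmac_sha256"])


def restore_batch(blob):
    """Decompress an archived blob back into the original log lines."""
    return gzip.decompress(blob).decode("utf-8").split("\n")
```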

Normalize

Collected log and event data are normalized and stored in a common schema at the time of collection, ready for further processing.

Mask

Sensitive information found within log and event data, such as credit card numbers, can be optionally masked to safeguard confidentiality.
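An added example of the masking step for the credit card case the page mentions (example code written for this page, not iCollector's own masking logic): candidate 13-19 digit runs in a log line are checked with the Luhn algorithm so that order IDs and timestamps are left intact, and only genuine card numbers are masked down to BIN and last four. The log lines are constructed.

```python
import re

# Constructed sample log lines (not taken from the page); the first two carry
# well-known test card numbers, the third a 16-digit order id that is not a PAN.
SAMPLE_LINES = [
    "2024-01-10T12:00:01Z pos01 payment: auth ok pan=4111111111111111 amount=19.99",
    "2024-01-10T12:00:02Z pos01 payment: auth ok pan=5500 0000 0000 0004 amount=5.00",
    "2024-01-10T12:00:03Z web01 order: id=1234567890123456 status=shipped",
]

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum; rejects most numeric identifiers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pans(line):
    """Replace Luhn-valid card numbers in a log line, keeping BIN and last four."""
    def repl(match):
        token = match.group(0)
        digits = re.sub(r"[ -]", "", token)
        if not luhn_ok(digits):
            return token  # leave non-card numbers such as order ids untouched
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
    return CANDIDATE.sub(repl, line)
```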

Correlate

Correlation of log and event data uses not only statistical and heuristic models but also a set of predefined intelligent correlation rules, combined with evidence-based knowledge of emerging threats and vulnerabilities, allowing the early detection of and response to targeted attacks and data breaches.

Intelligently Analyze

Log and event data are intelligently processed, aggregated and analyzed using User & Entity Behavioral, Artificial Intelligence, Predictive and Machine Learning models that incorporate contextual information, for the prediction of suspicious and/or the detection of abnormal behavior.

iCollector™ Deployment Architecture

To ensure the continuous availability of the service, two ClearSkies™ iCollector™ appliances can be deployed on the organization’s premises in a high-availability configuration.

All physical iCollectors support a high-availability option in which a second iCollector acts as a seamless failover system should the primary go down. Both share a virtual IP to which all traffic from the in-scope assets is forwarded, ensuring minimal data loss and the continuation of all operations as normal. Collecting applications resume data collection from the secondary iCollector, and everything else (Correlation Engine, Reports, Big Data Search, Dashboard, etc.) continues to work as expected, so the failover is transparent between the iCollector and the ClearSkies™ Secure Web Portal (SWP).

Virtual appliance compatibility & technical characteristics

| | Small | Medium | Large | X-Large |
|---|---|---|---|---|
| License (GB/day) | Up to 10 GB/day | 10-30 GB/day | 30-50 GB/day | 50-100 GB/day |
| Virtualization Platform | VMware 6.0+, Hyper-V 2016+, KVM 1.5.3+ | VMware 6.0+, Hyper-V 2016+, KVM 1.5.3+ | VMware 6.0+, Hyper-V 2016+, KVM 1.5.3+ | VMware 6.0+, Hyper-V 2016+, KVM 1.5.3+ |
| CPU | 12 CPUs | 20 CPUs | 30 CPUs | 40 CPUs |
| RAM Memory | 12 GB | 20 GB | 32 GB | 64 GB |
| HDD Storage | 300 GB | 500 GB | 750 GB | 1 TB |
| HDD IOPS | 50 | 100 | 250 | 500 |
| Network | 2 x 1 Gbps | 2 x 1 Gbps | 2 x 1 Gbps | 2 x 1 Gbps |
| Endpoints | Up to 100 | Up to 400 | Up to 700 | Up to 1000 |

Physical appliance technical characteristics

| | Small Physical | Medium Physical | Large Physical |
|---|---|---|---|
| License (GB/day) | 100-150 GB/day | 150-300 GB/day | 300-500 GB/day |
| Device/Model | ClearSkies™ 150 | ClearSkies™ 300 | ClearSkies™ 500 |
| CPU | 2 x Intel Silver 4114 @ 2.20GHz (10 cores) | 2 x Intel Gold 6230N @ 2.30GHz (20 cores) | 2 x Intel Gold 6252N @ 2.30GHz (24 cores) |
| RAM Memory | 32 GB | 64 GB | 128 GB |
| HDD | 4 x SSD (2 x 240GB & 2 x 960GB) | 4 x SSD (2 x 240GB & 2 x 960GB) | 4 x SSD (2 x 240GB & 2 x 2TB) |
| Network | 4 x Gbps + iLO | 4 x Gbps + iLO | 4 x Gbps + iLO |
| PSU | 2 x 800 W | 2 x 1600 W | 2 x 1600 W |
| Endpoints | Up to 1400 | Up to 2000 | Up to 3500 |