An intelligent machine
iCollector™
Collect
Vast volumes of heterogeneous data sets generated from diverse security devices, network infrastructure, systems and applications, are collected.
Archive
Log and event data collected are compressed at a ratio of up to 96%, digitally signed and optionally encrypted before they are archived. This way, collected log and event data and maintained in a state that could also be utilized for forensic investigation or legal evidence, should the need arise.
Normalize
Log and event data collected are normalized and stored into a common schema, at the time of data collection, for further processing.
Mask
Sensitive information found within log and event data, such as credit card numbers, can be optionally masked to safeguard confidentiality.
Correlate
Correlation of log and event data utilizes, not only a number of statistical and heuristic models, but also a number of predefined intelligent correlation rules combined with evidence-based knowledge of emerging threats and vulnerabilities, this way allowing the early detection of and response to targeted attacks and data breaches.
Intelligently Analyze
Intelligent processing, aggregation and analysis of log and event data with the use of User & Entity Behavioral, Artificial Intelligence, Predictive and Machine Learning models by incorporating contextual information for the prediction of suspicious and/or the detection of abnormal behavior.
Collect
Vast volumes of heterogeneous data sets generated from diverse security devices, network infrastructure, systems and applications, are collected.
Archive
Log and event data collected are compressed at a ratio of up to 96%, digitally signed and optionally encrypted before they are archived. This way, collected log and event data and maintained in a state that could also be utilized for forensic investigation or legal evidence, should the need arise.
Normalize
Log and event data collected are normalized and stored into a common schema, at the time of data collection, for further processing.
Mask
Sensitive information found within log and event data, such a credit card numbers, can be optionally masked to safeguard confidentiality.
Correlate
Correlation of log and event data utilizes, not only a number of statistical and heuristic models, but also a number of predefined intelligent correlation rules combined with evidence-based knowledge of emerging threats and vulnerabilities, this way allowing the early detection of and response to targeted attacks and data breaches.
Intelligently Analyze
Intelligent processing, aggregation and analysis of log and event data with the use of User & Entity Behavioral, Artificial Intelligence, Predictive and Machine Learning models by incorporating contextual information for the prediction of suspicious and/or the detection of abnormal behavior.
Demo request
See it in action!
Experience the value of ClearSkies™! Request a live demo from our qualified representatives.
iCollector™ Deployment Architecture
To ensure the continuous availability of the service, two ClearSkies™ iCollector™ appliances can be deployed on the organization’s premises in a high-availability configuration.
All physical iCollectors support a high-availability option where a second iCollector acts as a seamless failover system in case the primary one goes down. They both share a virtual IP where all traffic from the in-scope assets is forwarded, ensuring minimal data loss as well a continuation of all operations as normal. In terms of the collecting applications, they resume the data collection from the secondary iCollector. All the rest (Correlation Engine, Reports, Big Data Search, Dashboard etc.) continue to work as expected, this way creating an invisible layer between the iCollector and the ClearSkies™ Secure Web Portal (SWP).
Virtual appliance compatibility & technical characteristics
| Small | Medium | Large | X-Large | |
|---|---|---|---|---|
|
License GB/day |
Up to 10 GB/day |
10-30 GB/day |
30-50 GB/day |
50-100 GB/day |
|
Virtualization Platform |
VMware 6.0+ Hyper-V 2016+ KVM 1.5.3+ |
VMware 6.0+ Hyper-V 2016+ KVM 1.5.3+ |
VMware 6.0+ Hyper-V 2016+ KVM 1.5.3+ |
VMware 6.0+ Hyper-V 2016+ KVM 1.5.3+ |
|
CPU |
12 CPUs |
20 CPUs |
30 CPUs |
40 CPUs |
|
RAM Memory |
12 GB |
20 GB |
32 GB |
64 GB |
|
HDD Storage |
300 GB |
500GB |
750 GB |
1 TB |
|
HDD IOPS |
50 |
100 |
250 |
500 |
|
Network |
2 x 1 Gbps |
2 x 1 Gbps |
2 x 1 Gbps |
2 x 1 Gbps |
|
Endpoints |
Up to 100 Endpoints |
Up to 400 Endpoints |
Up to 700 Endpoints |
Up to 1000 Endpoints |
Physical appliance technical characteristics
| Small Physical | Medium Physical | Large Physical | |
|---|---|---|---|
|
License GB/day |
100-150 GB/day |
150-300 GB/day |
300-500 GB/day |
|
Device/Model |
ClearSkies™ 150 |
ClearSkies™ 300 |
ClearSkies™ 500 |
|
CPU |
2 x Intel Silver 4114 @ 2.20GHz (10 cores) |
2 x Intel Gold 6230N @ 2.30GHz (20 cores) |
2 x Intel Gold 6252N @ 2.30GHz (24 cores) |
|
RAM Memory |
32 GB |
64 GB |
128 GB |
|
HDD |
4 x SSD (2 x 240GB & 2 x 960GB) |
4 x SSD (2 x 240GB & 2 x 960GB) |
4 x SSD (2 x 240GB & 2 x 2TB) |
|
Network |
4 x Gbps + iLO |
4 x Gbps + iLO |
4 x Gbps + iLO |
|
PSU |
2 x 800w |
2 x 1600w |
2 x 1600w |
|
Endpoints |
Up to 1400 Endpoints |
Up to 2000 Endpoints |
Up to 3500 Endpoints |
