Netsweeper: Inside The Sweeps

Netsweeper & Niagara Networks Partnership

December 01, 2020 Netsweeper
Netsweeper: Inside The Sweeps
Netsweeper & Niagara Networks Partnership
Show Notes Transcript

Learn More About Netsweeper and Niagara Networks Joint Solution

Niagara Networks and Netsweeper join forces to solve challenges with unprecedented agile integration in a unified high-performance platform to enable full packet visibility and content control for carrier-grade environments. Niagara Networks’ serves as mediation layer visibility toolkit that captures all traffic of interest at any rate, from anywhere in the network, and delivers laser-precision flows from packet broker to Netsweeper for comprehensive internet content classification, filtering, reporting and threat detection.

Zeev Draer and Yigal Amram from Niagara Networks and Hisyam Halim  from Netsweeper join me on the podcast to discuss the partnership and the  joint solution.

Feel free to reach out to any of the guests to learn more about Niagara Networks and the partnership.

Zeev Drear: zeevd@niagaranetworks.com

Yigal Amram: yigala@niagaranetworks.com

Hisyam Halim: hisyam.halim@netsweeper.com



[01:35] Niagara Networks is a young company, probably about four years old, we’re based in San Jose, California, all the products that we are making are made in the USA (software, hardware). We are very focused on visibility and security, meaning we provide the platform for all the tools/appliances that you know need to see the traffic and maybe part of the traffic or maybe the intelligence of the network, if you will.

What we have done since our inception is we started with a very intelligent kind of bypass switch approach that today is being deployed in many, many data centers as a gatekeeper for global banks to service providers. And the reason being it has that ability to be inline but also dynamically make some changes based on the appliance’s behavior, right?

I’ll give you an example. Let’s assume there is a bypass that out of Niagara, connected to a firewall and IPS, and maybe some extra monitoring, and it could be any rate. So, the ability basically to look at the traffic, check the health of the tools or the appliances and make some decision based on that. That’s how Niagara started.

And that’s what we will speak to today. And you know, we are very happy to have Netsweeper as our partners to work together and provide a unique solution on the platform of Niagara, but actually most of the intelligence and the security is done by Netsweeper. And it’s actually on the same platform. So, that’s kind of the evolution of Niagara Networks and where we are today. We are mainly selling to large organizations, either enterprise, service provider, financial, we’re a global company, we have sales with all the regions, and we are a growing company. So, I think this is a great opportunity for Netsweeper and Niagara Networks to be out and about.

[04:36] Thank you for that explanation. Yes, when I was looking at when the partnership was first coming about and researching into Niagara Networks, what I really liked was your network tap. How are you guys are able to duplicate networks without slowing it down? Can you speak a little bit about that and how Netsweeper plays a part?

[04:52] So obviously, there is no packet loss all the traffic getting to the Netsweeper however, you know if there’s need some intelligence, i.e., to do some filtering or maybe scrutinize what kind of traffic we sending to Netsweeper, we have the ability and the capacity to do it in a hardware line rate, right? So, we have some filters that actually can just send the right traffic to Netsweeper. That’s one option.

Obviously, the other option is what happens if right? I mean, you always have some contingency that when you have an operation in a network, especially let’s say as a service provider or a large enterprise is let’s assume, you know, there’s a power failure or any other behavior within the network, then the Niagara device with with the Niagara tap/bypass is actually sending heartbeat packets to Netsweeper to make sure that it’s up and running and all the traffic that needs to be associated with Netsweeper is actually received. And if there is a power failure, we will maintain the network uptime, so there is zero loss when we switch when there’s no power because everything is done in hardware, either we have an optical relay or electrical relay that actually maintains the links between the router on the network side and we maintain that link. So obviously, if there’s a power failure, you’re not we’re not going to send the traffic to Netsweeper, but we will maintain the network up and running at 100%.

[06:37] Yeah, that’s really unique considering how Niagara Networks was founded just four years ago, as you mentioned, and it’s really interesting to see how the Niagara Networks network packet broker is very advanced and way ahead of the game in the industry. And it’s also interesting how the Netsweeper’s filtering solution fits right into that.

[06:57] Now, I want to jump in a little bit about how this partnership came to be. Hisyam, maybe you can speak on that. I think Netsweeper and Niagara complement each other very well. The Niagara solution actually makes our implementation better and more efficient, more resilient.

The partnership came about a few years ago, I think when I met with the VP of Asia Pacific of Niagara, and I think people in our head office in Waterloo also met you Yigal if I’m not mistaken. Correct.

[07:25] That’s true. Yeah. Yeah. That’s years ago.

[07:27] Yep. And we evolved from there. And until we actually have Netsweeper integrated into the Packetron module within Niagara chassis, basically hosting a virtual environment within Niagara solution. So that’s how our relationship has evolved and integrated to be closer to the Niagara solution. And because of our solution, how good it complements each other, it makes complete sense to propose the solution together, especially if we’re proposing filtering in large networks, large service provider networks, for example. So, it’s just a perfect complement to what we do.

[08:10] Yeah, thank you. Yeah, it’s interesting how finally we have these partnerships that are coming together to solve problems for customers, I think that’s what it boils down to. Working together to solve problems in large network organizations like telcos. And it’s interesting how these two companies have come together. Now, you said the partnership was announced recently. Zeev or Yigal, from what I hear, you’ve already been solving customers problems working together already? And if I’m correct, you have already implemented the joint solution in a customer’s network. So, can you go a bit into that? And what are the results that are coming about?

[08:47] Sure. So I think that we’ll start from basically outlining what we try and why we do what we do and how we solve it. And when we look at our solution itself, actually, it’s pretty much the mediation layer between networks and security tools or network monitoring tools in a way that’s really explained by Yigal. And usually both organizations, the network operations and security operations, both of them are actually jointly using our solution. So we practically facilitate this obstacle that they usually have in order to access the right data at the right time and actually feed the right tools.

But there are three major obstacles that we see currently in the industry, and specifically when we’re looking at those two organizations that are typically under the same umbrella. The first one is the fact that security incidents detection takes too long.

The number two item is that modern IT architectures and regulations, by the way, which is also very relevant to Netsweeper, they create new blind spots for network monitoring and security, which means when you have encrypted traffic you have blind spots because the infrastructure might be totally hybrid, it could be virtual, it could be physical. If it’s virtual, it’s very agile. It means that if you have a tool or any type of gateway, you can spin those virtual machines in seconds in different geographies and different areas, it can scale out scale in or out and those type of model and IT architecture get really complicated in terms of operations for a network.

Number three is that IT is overwhelmed. Tool efficiency and agility is a very important part, because most organizations are business oriented. What we are trying to do is really deliver the right traffic to the right tool and do it once to many tools and optimize the data to match capacity. Sometimes what you see is actually a different type of firewall or any other inline tool that needs to go to higher speeds. Businesswise, it could be a very huge expense. So usually load sharing on lower spin rates of those tools might be very relevant.

And when we look at this partnership, specifically with Netsweeper that Yigal and Hisyam already mentioned, we have two areas of cooperation that could be used. One of them is a standalone, meaning that you have the separated packet broker and aggregation of tabs. The tabs — think about it as a probe that can copy traffic, whether it will be out of band or inline, and basically move it to the packet broker for placing those streams of traffic to Netsweeper internet content filtering.

The number two actually option has to do with our open visibility platform, which we can host inside the virtual tool of Netsweeper. So pretty much if we look at the second use case, or second option of partnership, it’s a simplified deployment, you can run and get any traffic raids, any speed, it’s very elegant micro segmentation of the network, more tools can be also added to security chain stack. So if we use Netsweeper, we can cascade the traffic to additional tools in the chain, which are defined by security operations or network operations.

And in terms of the value proposition to summarize the narrative very correctly, which is I think, if we look at the content and visibility and control use case, so it’s first of all carrier grades, you know, the in terms of uptime in terms of scale, we can expand the Netsweeper on our hosted environment, you can spin more virtual machines, or again, in terms of performances, which practically high performance and enables also very minimal latency. So the two all modes of deployment, as discussed previously, one Yigal mentioned as inline, which is the bypass and taps, which sends inline traffic to Netsweeper per proxy, or the second one, which I assume Hisyam is what we have in the leading fixed line service provider in Southeast Asia, I think this was the location, which is which is basically out of band so it’s offline. And that’s really collecting the traffic and then aggregating everything to packet broker then we send a copy of out of band web traffic, which could be again, HTTPS or secure HTTPS to filter and reset and deny actions. So the benefits of this kind of mode is again, zero latency, zero network risk, because it’s completely offline. And I think even in that specific case, the lower TCO of less hardware is imperative.

[13:50] Yes, that’s correct. for that particular project, the service provider is offering extra value and they just want to increase what they can offer. And one of them is offering filtering to protect students from going to inappropriate content. They were looking around for a solution. And we proposed a solution together with Niagara. We have a built-in resiliency with the load balancing and aggregation for multiple tabs so that we can handle larger traffic and we configured the packet broker to filter out the irrelevant traffic only sending the relevant traffic that we were interested in, just basically HTTP and HTTPS packets, right. The joint solution essentially has been in operation for more than a year now. They probably could add more bandwidth to the system as we go to the second year or third year. So the solution worked very well. And it also gave a chance for us to see how the solution worked together in the real world and for our engineers to learn more about the packet broker to end configuration.

[14:55] I like how you touched upon Hisyam how the joint solutions have been in development for quite a while now. Now, Zeev mentioned some of the pain points, challenges like IT being overwhelmed, the need to be optimizing data. And now that there are more users on the internet, the more of those challenges are being highlighted. Now, based off of those pain points mentioned, what we’re really wanting to know is what are the use cases of this joint solution that help customers solve those problems? Would you be able to explain that a little bit?

[15:26] Yeah, it’s a good point. In fact, you know, I actually mentioned previously that everything is also surrounding the business kind of aspect. And, you know, if you look at the service provider environment, they struggle today in terms of their business models, specifically, how they can monetize the traffic in the network without, again, degradation of service and user experience. And I believe that the Netsweeper solution, the fact that you really can monetize traffic, and always this web value added service based on web filtering, it’s something that absolutely could be of value to those service providers just beyond delivering traffic on big pipes. And most of them, they struggle today to be efficient and profitable.

The other thing, which is also relevant is really reducing the capacity of hostile and not legitimate traffic, which can consume a lot of your wider networking. And maybe if it’s an ISP, you’re paying a lot of money for those pipes. So, the fact that you can really control the traffic in terms of those non relevant packets that could be filtered. And again, when I say packets, obviously, we’re talking about layer seven URL filtering, that could drive clicks and hyperlinks to very high-capacity files.

I’m sure many of your customers could certainly point out that in many cases, that service provider creating new services for educational organizations or even businesses need to create some level of special tools, whether it will be businesses or retail, I think that you guys also serve different type of retail, when I say retail, it’s related to a residential URL filtering, customized kind of. But enterprises, as customers in terms of our customers, typically we work with very large, big enterprises, and they have corporate directive on content, you know, in not only content, but basically, nowadays work from home. So, you need to ensure that your employees use also very accurate corporate directive on productivity, and they have secure browsing from any hostile traffic or downloading any illegal content that can harm especially for public companies.

I’m not sure if you guys also would like to highlight the fact that, you know, in those cases we discussed together, part of it was this unique option of artificial intelligence, which handles much more than just plain vanilla URL filtering.

[18:15] Yes, this part of the thing that we offer all those use cases that you mentioned, it’s highly relevant now, what we can offer, not just URL filtering, but we can offer our dynamic URL database, we have an AI-based categorization engine in our cloud that will categorize the URLs into 91 categories. And some of the categories will be of interest to enterprise, for example, to block pornography, gambling, anything that’s not related to productivity, or something that could expose a company to litigation, like copyright infringement, sexual harassment, that kind of stuff.

These are HR concerns, essentially. So, if an enterprise has those policies, they can use the Netsweeper URL database, select those categories to block, and then you’ll be able to prevent those cases. There’s an enterprise space in the service provider space, enhancing the value of what they’re offering is the name of the game now. They can provide clean pipe internet, which is basically internet that’s already pre-filtered to the customers for the marketer targeting certification, maybe content that has to be in compliance with education for example in the US, we have in the Children’s Internet Protection Act, which requires public schools and public libraries to filter inappropriate content. So if you’re a service provider, providing connectivity to that market, you can pre-filter it in the network using our joint solution.

[19:39] And as part of their framework, Netsweeper has excellent data in terms of threat intelligence value, because of the fact that you have this database of different types of URLs which you categorize now. The fact that you can categorize this, this could be the first step or first door that you open for those threat intelligence themes, which is supposed to get more visibility of what areas could create a breach ending and feed their CRM system. So yeah, I think that that’s an excellent solution there.

[20:23] Yes, that’s true. On top of our web threat categories, you know, viruses, malware, phishing, obviously, we’ll create a report the software team can be alerted on. We also have extensive logging capability, we’re designed for large carriers, so we can log with very, very high throughput traffic. So, if the security team is interested in looking at particular traffic going to a particular IP, or a particular URL, or even particular countries, because we also categorize by countries just for investigation purposes, then this is a good place to start. You may see irregular traffic going to a particular country that might not normally happen. It could trigger a report. We have reports that detect thresholds or changes in the numbers in a report, and it could trigger an alert and the security team will get an email from our reporting system. Netsweeper is more than just filtering, our reporting features are very extensive because we’ve been in the business for 20 years. And since the beginning, we’ve been in education space, and the schools are very demanding when it comes to seeing what the students are using the internet for.

[21:28] Some excellent points, guys, I love the back and forth and the adding of the value propositions and how it brings it to the customer. Now to switch gears a little bit. I know you guys mentioned in line and out of band. Is it rare to see a company offering both?

[21:42] I think I’ll take it. So, it’s not it’s not unusual. It’s pretty typical to have either outbound i.e., from the Niagara platform going to any appliance or tool, and in any line, which is basically connected in line. So, traffic going through the Niagara, goes through the insecurity tool being inspected, goes back to the Niagara and then to the network. So that’s something that is I would say very common. I think what we have done with Netsweeper is we’re thinking about how we can bring more value to the customer.

Sometimes companies today just see what the competition does and just follows that. We’re focusing on how we can bring more value with customers, and we speak with customers about what will be ideal. We came up with the idea that we can actually create a computer or a VR platform embedded into the Niagara Networks device and we can host someone like Netsweeper, or maybe a Netsweeper with another company.

In this particular solution, it’s very suitable for satellite facilities or remote facilities when you don’t have the infrastructure, but then you can have the Niagara device and host several tools in a virtual environment and, you know, get all the information to the tools or the right traffic to the tools. And you know, you enhance your security, obviously, your filtering capability with someone like a Netsweeper.

So, this is really the added value and what really differentiates that solution and partnership together than others. I would say that the out-of-band and the inline, it’s fairly common, but having it hosted together that’s fairly unique.

[22:08] Thank you for the explanation, Yigal. I like how you mentioned bringing value to the customer, as we’ve seen in the past few months, because of COVID. People are working remotely. You’re offering the services for our enterprises a lot, right? How have they taken advantage of this joint solution, or even Niagara itself?

[24:28] So, that’s a very excellent question and relevant for the time we’re living right now with COVID-19. So, as you know, as 2020 is progressing and we were somewhere around May, March, and April, we have seen more and more interest in the inline solution, specifically, you know, monitoring all the VPN and we see that from global companies. So, we have seen a great increase of demand for the ability to secure all remote workers/users. And that’s something that I believe, you know, obviously with Netsweeper we can complement each other very well.

So, the ability to have the platform that gets all the traffic from all the users, and it’d be able to aggregate the traffic but also expand it in a way that, you know, let’s say you have 5000 users coming to the corporate and because of the environment we live in, it actually grew to 40,000. So, all of a sudden, you have so much of an increase in capacity and having a platform like Niagara, it’s basically easy to maintain and to increase capacity. All right, you just put a module that’s 100 gigs and now the system is pretty much running 100 gigs, we’re still continuing to do all the filtering and network intelligence, and at the end of the day, we may send only a fraction of that traffic to Netsweeper, or some other tools as well.

[25:53] So, it’s basically really easy to scale up, correct?

[25:56] Exactly. Two areas also that might be interesting (with this work from home environment) is the shadow IT (anything which is not really controlled and visible to a corporate IT team). Typically, if you see those different pipes, you’ll still able to control what is getting in and out if we’re really sitting inline. So, in such a case again, that’s a big value for those corporates that need to handle so many employees outside.

[26:27] Yeah, I think we spoke to this in our previous episode when it comes to students, but it’s a little bit different when it comes to enterprise. There is a growing challenge for enterprises especially, as they’re not really set up for the situation right now. And some are even struggling at the moment and are just beginning to realize that this might be something that’s not going to be going away very soon.

Well, thank you guys, Hisyam, Yeev, and Yigal for your time on this podcast. Before we wrap it up. Is there anything that I have not addressed that you would like to tell the audience? You know, any news that’s coming up or anything you want? The floor is yours!

[27:13] Okay, so first of all, thanks for hosting us. It was a pleasure for us. I think that this kind of freestyle podcast is very interesting. I think we discussed very clearly the obstacles that we see in the marketplace and how the joint solution really can facilitate and streamline those complexities to something that will be much easier to cope with. I believe that in terms of a technology partnership, we certainly will find additional areas of cooperation besides the existing one, the fact that the dynamics of the market are so fast. Each day is a different day in this environment. So, we certainly believe and rest assured that we’ll find even more areas of cooperation that we didn’t think about before and thanks again for hosting us.

[28:16] Thank you for tuning into this episode. I hope all of you enjoyed this conversation. If you want to learn more about Niagara Networks, Netsweeper, or anything discussed on this episode, feel free to reach out to any of our guests, they’ll be happy to chat. If you have not listened to the previous episodes, please check them out on Spotify or Google podcasts and hit subscribe to stay updated on all news related to Netsweeper, make sure to give us a follow on any of our social platforms. We’re active on LinkedIn, Twitter, and Facebook. Once again, thank you for listening. Until next time.