Alpha Data, a large systems integrator based in Dubai, UAE, manages the networks for Dubai Airports. They contacted us looking for help with developing a high-performance full packet capture solution, to record and retain the last three months of network traffic for analysis.
They needed technology to generate NetFlow in the form of IPFIX and send it to the data lake they were implementing for Dubai Airports. The data lake was due to incorporate Securonix SIEM and Hadoop for big data analytics. They were also looking to generate Syslog data to export to Kafka.
We recommended a solution based on two custom-made, ultra-high-spec versions of ntop’s nBox Recorder, equipped with Napatech NT20E3-2-PTP and Intel 82599/X520 network adapters for high-speed packet capture.
Each device included:
- A large amount of RAM
- High-capacity SSDs for storage and replay
- High-spec CPUs
- Multiple ultra-high-performance packet capture cards
- Software for capturing packets and generating NetFlow/IPFIX and Syslog (nProbe Cento, PF_RING ZC for FPGA Adapters and ntop n2disk 10/40G)
The package we offered included installation, configuration and custom development, with the reassurance of a hardware warranty and software maintenance.
The solution has been running successfully since December 2018. Dubai Airports are now able to quickly identify security issues from the metadata in Securonix, then replay a recording of the actual traffic in Hadoop.