Overview
The Trellix PX 5600 is a powerful forensics tool that continuously captures packets at a high rate of speed without loss. It enables packet search and retrieval in minutes using an intelligent real-time indexing method.
Network Forensics
Your organization needs early incident detection and swift investigation to determine scope and impact, effectively contain threats, and resecure your network.
Trellix Network Forensics pairs the industry’s fastest lossless network data capture and retrieval solution with centralized analysis and visualization. It accelerates the network forensics process with a single workbench that simplifies investigations and reduces risk.
Network Forensics allows you to identify and resolve security incidents faster by capturing and indexing full packets at high speeds. With Network Forensics, you can detect a broad range of security incidents, improve your response quality, and precisely quantify the impact of each incident.
Part of Network Forensics, investigation analysis appliances reveal hidden threats and accelerate incident response by adding a centralized workbench with an easy-to-use analytical interface.
Analysts can review specific network packets and sessions before, during, and after an attack. By reconstructing and visualizing the events triggering malware download or callback, your security team can respond effectively and swiftly to prevent recurrence. They can also expand visibility into attacker activity by decoding protocols typically used to laterally spread attacks in a network.
This unique combination of high-performance packet capture and in-depth analytics helps your organization quickly recognize and monitor every element of an attack.
Packet Capture Highlights
- High performance: Continuous lossless packet capture with time stamping at recording speeds up to 20 Gbps
- High fidelity: Real-time indexing of all captured packets using time stamp and connection attributes; export of flow index and connection metadata in JSON format; flow index can be converted to NetFlow v9, IPFIX, and SiLK Data formats
- Fast results: Ultrafast search and retrieval of target connections and packets using patented indexing architecture
- Rich context: Web-based, drill-down GUI for search and inspection of packets, connections, and sessions
- Extensive visibility: Session decoder support to view and search web, email, FTP, DNS, chat, SSL connection details, and file attachments
- Intelligent capture: Selective filtering of captured traffic to eliminate streaming video, large file transfers, encrypted payloads, and more
- Improved efficiencies: Automated processes to identify data theft, using proprietary algorithms to diagnose potentially anomalous network behavior
Benefits
Conduct Effective Threat Investigations
Detect a broad range of security incidents, improve your response quality, and precisely quantify the impact of each incident.
Reconstruct the Cyber Attack Kill Chain
Reveal hidden threats and accelerate incident response by reviewing specific network packets and sessions before, during, and after an attack.
Reduce the Mean Time to Detect and Respond
Accelerate the network forensics process with a single workbench that simplifies investigations and remediates attacks.
Specifications
| | PX 5600 | PX 7600 | PX 7620 |
|---|---|---|---|
| Capture port configuration | 4p*10G FPGA-QSFP ports | 2p*40G FPGA-QSFP; optional 8x10G fiber port | 2p*40G FPGA-QSFP; optional 8x10G fiber port |
| Management ports | 2p 10/100/1000 BASE-T ports | 2p*10GT+2p*SFP | 2 x 1GbE |
| Max record speed | 6-10 Gbps | 10-20 Gbps | 14-20 Gbps |
| Total onboard storage | 120 TB raw storage, 80 TB for PCAP storage | 192 TB raw storage, 122 TB for PCAP storage; expandable SAS attached storage | No onboard storage; Fibre HBA to external SAN storage |
| Enclosure | 2RU, fits 19 inch rack | 2RU, fits 19 inch rack | 2RU, fits 19 inch rack |
| Dimension WxDxH | 17.2” (437mm) x 25.5” (647mm) x 3.5” (89mm) | 17.2” (437mm) x 25.5” (437mm) x 3.5” (89mm) | 17.2” (437mm) x 25.5” (437mm) x 3.5” (89mm) |
| Appliance alone / as shipped weight in lb. (kg) | 42 lbs (19.05 kg) | 81.2 lbs (36.8 kg) | 63 lbs (28.6 kg) |
| Power supply/typical operating load | Redundant (1+1), FRU, 920W with Input 100-240V, 11-4.4A, 50-60 Hz IEC60320-C14 inlet | AC 1200W, Titanium Level, Redundancy, PMBus 1.2, +12V/+5Vsb, 360x76x40 mm, HF, RoHS/REACH | AC 1200W, Titanium Level, Redundancy, PMBus 1.2, +12V/+5Vsb, 360x76x40 mm, HF, RoHS/REACH |
| Regulatory compliance EMC | FCC Part 15 Class-A, CE (Class-A), CNS 13438, CISPR 32, VCCI-CISPR32, EN 55035, EN 55032, EN 61000, ICES-003, KN 32, KN 35 | FCC Part 15 Class-A, CE (Class-A), CNS 13438, CISPR 32, VCCI-CISPR32, EN 55035, EN 55032, EN 61000, ICES-003, KN 32, KN 35 | FCC Part 15 Class-A, CE (Class-A), CNS 13438, CISPR 32, VCCI-CISPR32, EN 55035, EN 55032, EN 61000, ICES-003, KN 32, KN 35 |
| Regulatory compliance safety | CAN/CSA 22.2 No. 62368, UL 62368, IEC 62368, EN 62368, BS EN 62368 | CAN/CSA 22.2 No. 62368, UL 62368, IEC 62368, EN 62368, BS EN 62368 | CAN/CSA 22.2 No. 62368, UL 62368, IEC 62368, EN 62368, BS EN 62368 |
| Environmental compliance | RoHS, REACH | RoHS, REACH, Conflict Minerals | RoHS, REACH, Conflict Minerals |
*All performance values vary depending on the system configuration and traffic profile being processed.
- 7600PX and 7620PX can support continuous packet capture rates up to 20 Gbps with no metadata analysis (with at least one storage array attached).
- 7600PX and 7620PX can support continuous packet capture rates up to 16 Gbps with metadata analysis (with at least one storage array attached).
- 7600PX and 7620PX can support continuous packet capture rates up to 14 Gbps with metadata analysis and with up to 10K Suricata rules loaded (with at least one storage array attached).
- 7600PX supports continuous packet capture rates up to 10 Gbps with metadata analysis (with no storage array attached).
- 5600PX can support continuous packet capture rates up to 10 Gbps with metadata analysis (with at least one storage array attached).
- 5600PX supports continuous packet capture rates up to 6 Gbps with metadata analysis (with no storage array attached).