Pattern Matching
As new network attack vectors emerge and network traffic volume increases, the need to monitor traffic at high rates is ever increasing. Pattern Matching is another feature of APCON’s IntellaView and IntellaFlex HyperEngines that allows SecOps and NetOps teams to match packet contents and filter for specific traffic. This feature allows you to search on individual packets or sessions to identify data based on patterns in any part of the packet payload.
Find the needle in the haystack
React intelligently to identified traffic patterns
Today’s network security monitoring tools can benefit from pattern matching to identify potentially dangerous traffic. Using our Deep Packet Inspection technology (DPI), the contents of packets can be matched against patterns of known traffic to identify content, including attack-carrying packets, that can then be forwarded accordingly. APCON’s Pattern Matching uses regular expressions (regexs) to match packet contents in near real time.
There are many possible actions you can apply on pattern matches, including:
- None: useful for getting stats or insights into the traffic
- Mask: swap out the text that matches the regex with a user-specified character
- Pass: pass packets that match the regex
- Drop: drop packets that match the regex
- Session pass: pass all packets in the flow when a packet matches the regex
- Session drop: drop all packets in the flow when a packet matches the regex
Features
Six different actions that can be applied to matching packets
Filter traffic on individual packets
Filter traffic on sessions
Benefits
Ensure HIPPA & PCI DSS compliance
Enable more efficient tool usage
Mask personally identifiable information (PII)
Malicious content and intrusion detection
See how it works
Schedule a demo today for access to our online demo center to see how easy it is to use IntellaView to set up Pattern Matching to filter packet contents according to regular expressions.
Pattern Matching hardware
Enhance network performance
Intelligently identify traffic patterns and potentially dangerous traffic by using regular expressions to match packet contents. Pattern Matching is a licensable feature on the following APCON hardware:
Ultra-high performance network visibility
IntellaView
The IntellaView HyperEngine enables real time packet processing of 100G network traffic to prevent tool oversubscription and supports up to 600G total throughput through six packet processing service engines that can be run concurrently.
Pattern Matching blades
IntellaView
HyperEngine Packet Processor
ACI-4033-E00-1
- real time processing across 1G / 10G / 40G / 100G feeds, supporting up to 600G total throughput
- Shared source ports can use the same service engine
- Application Filtering, Pattern Matching, Traffic Shaping, Packet Deduplication, and NetFlow Record Generation,
1G / 10G / 40G legacy platform
IntellaFlex XR
The IntellaFlex XR HyperEngine network packet broker blade adds up to 200G of high-performance processing features to IntellaFlex XR monitoring systems. With up to 16 configurable service points, it provides real time processing across 1G / 10G / 40G / 100G feeds.
Pattern Matching blades
IntellaFlex XR
HyperEngine
ACI-3033-E02-1
- Performance up to 200G
- 16 internal service points, 2 40G Ethernet ports
- Packet Deduplication, NetFlow Generation, Tunnel Termination, Packet Slicing, Protocol (Header) Stripping, and Pattern Matching
IntellaView Datasheet
Ultra high-speed packet processing
With up to 600G processing capability, the IntellaView HyperEngine can effectively monitor every packet in the high-speed data stream to remove duplicates and improve tool efficiency. It also enables duplicate matching across layers 3 and 4 headers and payload, and supports a large, configurable window size of up to 500ms.