RedBorder is the ultimate open, active and scale-out Cybersecurity Platform and real-time Network Traffic Analysis (NTA). It's based on Big Data technology for enterprise and service providers.
Its capacity for ingesting, analyzing and reporting large amounts of data has been developed and tested in very high demand environments such as Network Traffic Analysis, Cybersecurity or the analysis and reporting of connections through wireless networks in venues.
The platform unifies the different data sources provided by the Apps and the probes. In addition, it includes a series of common features: dashboards and customizable reports, correlation, analysis engines, user management and layered storage.
Apps live inside the platform and are installable as if they were plugins. These focus on digesting new types of data.
The probes live outside the platform but are managed from it; their function is the creation of new types of data and inspection capabilities.
Depending on the Apps that are integrated in the platform, the user will see different options in the menu bar. The Apps that are available in this new version of redborder are the following:
- Advanced Dashboarding and Reporting Analysis: redBorder provides high-speed visibility at SP scale. RedBorder delivers invaluable knowledge by collecting intensive data from very demanding systems such as traffic analysis, Real-Time Venue Analytics or wireless networks (Wi-Fi, cell networks).
- Open Source: we employ an open core business model for high-speed innovation, collective intelligence, freedom, and cost control. We believe in the power of the community betting on a purely Open Source future.
- Scale-Out, multitenant and CLOUD Ready Big Data: The Platform can process millions of events per second from networks of any size in real time. Scale-Out power for managing probes, network devices, analysis activity and users in a multitenant and cloud-ready infrastructure.
- Operational Intelligence: redBorder offers data enrichment with external intelligence sources combined with data mining, correlation and behavioural analytics. Gain practical insights from integrated data.
- API and command-line services that allow the creation of new sensors or data sources and the configuration and parametrization of new topics, metrics and dimensions.
- Centralized, hierarchical and multidomain management of data.
- Easy management and configuration: graphic, simple and user friendly.
- Great performance with unbeatable ROI.
The way redBorder is designed enables us, as well as our users, to customize the technology or enhance it to meet the most demanding requests from our clients. In essence, redBorder is a big data pipeline tailor-made to the specifics of networking information.
Any type of information is injected into the system by transforming it into JSON format within a Kafka message and sending it to the pipeline. From there it goes through successive processing stages, including enrichment (from external sources), correlation and indexing. As a unique value proposition, information can be stored for as long as our clients deem necessary, and the system is able to respond both to real-time queries and to long-term context requests.
The redBorder platform has two general functional pieces:
- RedBorder Manager: the main component of the redBorder platform, capable of processing millions of events coming from probes related to different domains (network traffic data, logs, IoT middlewares and devices, databases, etc.).
- Probes / apps / data sources: hardware or software systems or components connected to the redborder platform that send data to be analyzed, monitored or even modified by redborder manager.
RedBorder Manager Main Components
- Collectors (rb_flow, rb_ips, etc.): they capture data/events from one domain/protocol and send them as Kafka events to the message bus (Kafka).
- Message bus (Apache Kafka): provides huge performance and reliability, as well as the flexibility needed to cope with so many different products (through JSON data formatting).
- Storage Engines: enable the platform to store aggregated data with no time limit, and are specially designed for the type of data requests you expect to see in an analytics platform (slice and dice). Like the rest of the elements, the storage layer scales linearly by adding new nodes to the cluster. It stores data in columnar format (better compression, fewer IO operations) and is fully schema-less, so it can adapt to any data requirement.
- Web-UI: Web Presentation Layer for the end user.
- API: Full HTTP REST API over HTTPS (JSON format).