GRISM GRISM GRISM
GRISM

Pervasive Inspection

Security Function Offloading

Perimeter Defense

Contact Us
Key Functions
Netflow
Netflow
Extract the network metadata from packet streams.
Service Bypass
Service Bypass
Make the low-risk traffic skip security inspection.
Deduplication
Deduplication
Remove L3-above duplicated packets.
Load Balance
Load Balance
In-line or OOB session-based traffic load balance with HA configuration.
Aggregate
Aggregate
Collect traffic from several sources or interfaces.
Filter
Filter
L2 to L7 session-based or packet-based filtering.
Massive Blockin
Massive Blocking
Detect and block sessions by a massive list of IPs/Domains.
X-tunnel
X-tunnel
Tunnel for traffic span to support cross-site or VM2VM monitoring.

Detail

Features

Architecture diagram

Hardware Spec

Any-to-Any Delivery

Each interface can be INPUT or OUTPUT

1-to-many, many-to-1, many-to-many

To any selected interface after filtering

Advanced Distribution

Filter Processor - Composed of a set of rules with AND / OR operation - Session-based filtering and packet-based filtering - L2-L4 header filtering rule: MAC address, Ethertype, VLAN ID, IP range, TCP/UDP port…

DPI-enabled Filter Processor - L4-L7 Pattern-based filtering - Pattern format: HEX, ASCII strings and Regular Expression

Tunnel-awareness filter - Apply all filtering rules on in-tunnel packets where GRE / VxLAN / QinQ / MPLS - Tunnel ID (ERSPAN/X-tunnel) filtering

Processor Chain - User-defined graphs of Filter Processors

Out-of-band Load balance

Same Dst IP / Src IP / Dst Port / Src Port sticky to same egress ports

Same 5-tuple hash sticky to same egress ports

Delivery HA: Re-distribute to link-up egress ports

Balance port groups: Max 8 egress ports

Packet Engineering

Tag removal: MPLS / VLAN / QinQ…

Unpacking Tunnel
(Tag removal and re-encapsulation):
GRE / GTP / ERSPAN / NvGRE / VxLAN

User-defined VLAN tagging for input packets or output packets

Packet Deduplication

Monitoring Network Virtualization

GRISM to GRISM tunnel

Encapsulation: GRE, VxLAN, ERSPAN, X-tunnel

Network Traffic Intelligence Extraction

Generate Netflow V5 / V9

Generate HTTP log

Generate DNS log

Sensitive Data Protection

Packet slicing - Preserve N bytes - Remove TCP / UDP payload

Data mask - Replace sensitive data segment in TCP / UDP payload - Data segment can be defined in regular expression

In-Line Aggregation and Re-Distribution

N network links X M monitoring links (N X M)

In-line session-based load balance with HA strategy

Intelligent content-based bypass - IP address List - User-defined pattern in regular expression

PCAP File Prcoessing

Stream snapshot in PCAP format

Filter PCAP files with timestamp persistance

Remote recording agent over L2-L4 switch

Telecom Correlation Processing

Mobile 3G / LTE data netwok - Filter GTP-C / GTP-U by IMSI/IMEI - Subscriber-based load balance

Fixed ISP network - Filter user-plane packets by RADIUS ID - subscriber-based load balance

Virtual Machine Traffic

VM traffic redirection by GRISM-V (as a VM instance)

Supporting environment - KVM - VMware ESXi / vSphere

System Control and Operation

Web GUI agent for authenticated users

Advanced Control - XML script over HTTP

Management protocol: Telnet, HTTP, SNMP V2

Front-line Security

Massive Blocking - IP / Domain / URL - Max 2,000,000 entries

3rd party threat intelligence import

Grism architecture
GRISM-G8
GRISM-G8
GRISM-T16
GRISM-T16
GRISM-T2G8
GRISM-T2G8
GRISM G8
GRISM T2G8
GRISM T16
GRISM T32
Network Interface
1G RJ45*8
10G SFP+*2 1G RJ45*8
10G / 1G SFP+*16
10G / 1G SFP+*32
Management Interface
1G RJ45*8
10G SFP+*2 1G RJ45*8
1G SFP*1
1G SFP*1
Data Processing
1.Ethernet 2.PCAP file
1.Ethernet 2.PCAP file
Ethernet
Ethernet
Storage
SATA2*1
SATA2*2
2GB (virtual disk)
2GB (virtual disk)
Forwarding or Replication
8Gbps
28Gbps
160Gbps
320Gbps
NetFlow Processing
3Gbps
10Gbps
30Gbps
60Gbps
Mechanical
Appliance
Appliance
Appliance
ATCA 3U two blade
Power
AC 110V-220V input
AC 110V-220V input
1.Dual DC -48V input
2.Dual AC 110V-220V input (with external PDU)
Dual AC
110-220V input

Download