LevelOne New Product
ICI-1000 Internet Content Inspector LevelOne ICI-1000 Internet Content Inspector empowers your business security and operations teams by providing granular data monitoring and precise packet and session reconstruction capabilities. The solution is designed to combine process and technology into a single effective system for network forensics. Business can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. ICI-1000 offers real innovation by enabling unprecedented visibility and control of applications and content with no performance degradation. It identify applications accurately - regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage.
Why ICI-1000
Security Leaks Prevention Increase Employee Productivity Network Traffic Capturing & Recording Analysis & Improve Network Performance Forensic Evidences To monitor employee productivity in the workplace To monitor employee compliance with employer workplace policies related to use of its computer systems, email systems and Internet access To investigate complaints of employee misconduct, including harassment and discrimination complaints To prevent or detect industrial espionage, such as theft of trade secrets and other proprietary information, copyright infringement, patent infringement, or trademark infringement by employees and third parties To prevent or respond to unauthorized access to the employer’s computer systems, including access by computer hackers
Session Reconstruction Most packet capture solutions and network sniffers only display raw packets and leave it to the user to decode and determine the potential problems they represent. ICI-1000 collects network traffic and reassembles it as its native session based format, enabling users to quickly and easily make business decisions based on the service it was providing. Iris users can present the actual text of an email, as well as any attachments, exactly as it was sent. It provides reconstruction of full HTML pages that end users visited and reconstruction of cookies for entry into passwordprotected websites. Iris will even display bi-directional instant messaging communications allowing full session reconstruction as the end user sees it.
Real Time Inspection & Protocol Supported Email, Webmail HTTP includes Links, Content Reconstruct, Upload and Download File Transfer, FTP, P2P IM/Chat includes Messenger, Yahoo, ICQ, QQ, IRC, Google Talk, etc Others: Online Games, Telnet, etc. Skype / VoIP voice message can be recorded too*
Data Capture The capture engine is designed as a service oriented architecture, permitting security professionals to gather forensic information while performing other tasks in parallel. It is designed to capture specific data via filters based on an extremely large of traffic metrics. This approach ensures that all targeted traffic is captured, regardless of whether the solution is run interactive or as a service. For capacity and service level agreement planning, ICI-1000 allows users to leverage traffic captured in one area of a network for use elsewhere, as well as for the monitoring of applications in development. Additionally, ICI-1000 allows for advanced functions such as keyword searching and protocol distribution.
Statistical Analysis ICI-1000 provides a large variety of statistical measurements, supplying information on protocol distribution, top hosts, packet-size distribution and bandwidth usage. By regularly analysing how systems and applications are being used, administrators can proactively identify and eliminate issues before they can result in downtime.
Telco Grade for the SMB ICI-1000 platform is being deployed from many ISPs across the world *Skype / VoIP voice recording requires additional license purchase
Basic Diagram
Mirror Mode Implementation / Real-time Reconstruction
Sniffer technology is used for capturing Internet contents through port-mirroring Ethernet switch Management port can be connected to the core switch and allow system administrator to access the system from anywhere
Reference Sites and Customers Being Implemented
Criminal Investigation Bureau The Bureau of Investigation Ministry of Justice National Security Agency (Bureau) in various countries Intelligence Agency in various countries Ministry of Defence in various countries Counter/Anti-Terrorism Department National Police, Royal Police in various countries Government Ministries in various countries Federal Investigation Bureau in various countries Telco/Internet Service Provider in various countries Banking and Finance organizations in various countries Others
Target Market
Education Research Institution Enterprise / Corporate Government Agency Lawful Enforcement o Military o Police o Intelligence o National Security Telco & ISP Services
Note: Due to confidentiality of this information, the exact name and countries of the various organizations cannot be revealed
Feature Screen Shot
Top-Down Drill Detailed Report
Email (Pop3, SMTP, IMAP)
Webmail (Gmail, Yahoo Mail, Hotmail)
Instant Messenger (MSN, Yahoo, IRC, GTalk)
HTTP (Web Link, Content, Source IP)
HTTP Download / Upload Content
Specifications Hardware
Processor Intel Atom D525 Dual Core 1.8GHz CPU Memory 2GB Storage 2TB in 3.5 inch SATA Drive Ethernet Port Mirror Port 10/100/1000Mbps Management Port 10/100/1000Mbps Form Factor 19 inch Rack Mount Operation Temperature 0 to 40 Celsius
Order Information ICI-1000 Internet Content Inspector, 50 Users, One Year Free Upgrade ICI-2000 Internet Content Inspector, 250 Users, One Year Free Upgrade ICI-1000-PMA One Year ICI-1000 Product Maintenance Agreement ICI-2000-PMA One Year ICI-2000 Product Maintenance Agreement