NetSkateKoban Enterprise combines powerful network visualization functions with intranet security features (detecting, reporting and blocking unauthorized terminals). The system is scalable; large-scale nationwide networks with tens of thousands of devices can be centrally managed from a single NetSkateKoban Manager. We have a track record of monitoring networks with over 1,000,000 terminals and over 8000 switches using a single NetSkateKoban Manager.

NetSkateKoban Enterprise Features

Drawing of Network Map

It detects all connected devices and automatically draws a network configuration diagram. This makes it possible to centrally monitor maps over the network. It is also possible to display a network map going back to a certain point in the past, allowing you to trace the terminal connection status.
Additionally, the network map editing feature allows you to customize the map and display it in a more physical layout.
 

Displaying Resource Usage Status

The optional NMS module enables the  monitoring and visualization of interface status, traffic statistics, resource usage, and service availability. It also provides a powerful and instinctive user-interface through an automatically generated Network Map.
 
feature6_map-e.png
 
*1) NMS module  (optional) is required.

Switch Configuration Diagram

 
Even in complex networks consisting of many Ethernet switches, the connection status of the switches is automatically grasped, and a switch configuration diagram is drawn and displayed.For more information, click here
 

Display of Connection Information between Ports

The port connection status between switches is understood and automatically illustrated. The interface name and port number are displayed in the connection diagram, so you can see at a glance which port each switch is connected to and what type of terminal is connected to the port.

Identifies Switch Status by Color

The status of the switch is displayed by color, so you can instantly understand the status of the switch.
  • Normal/Abnormal
  • Existing but unregistered or non-intelligent switch
 
feature2_L2map.png
 
Note) NMS module  (optional) is required.
 
No network configuration is required and there is no need to change the existing network configuration. It can be adapted to any network configuration. Just by connecting the sensor to the network, monitoring and shutdown are possible without placing any load on the network. It operates based on Internet standards and can be used without relying on network equipment from a specific vendor, reducing unnecessary expenditures.
overview.png

 

 

EX can be supported without hardware
(Virtual environment on VMware (VMwareHA compatible))

RtrMon sensor is available without hardware
(Virtual environment on VMware (VMwareHA compatible))
When an event occurs, such as an unauthorized device connection, a health check warning, or a threshold violation, the concerned device is highlighted on the network map. The event is also logged and the appropriate action is taken in realtime based on the policy.
 
feature2_process.png

 

detection event

feature2_basicevent.pngfeature2_extension.png

Continuous Monitoring

It captures ARP packets, DHCP packets, and ICMP packets flowing on the network without losing them, and continuous monitors the connection status. It also works with ethernet switches and routers to continuous monitor the network status.
 

Detection

Abnormalities are detected based on unauthorized terminal connection notifications from sensors, occurrence of abnormal events, and notifications from linked systems.
 

Specification/Illustration

The source device is identified based on the detected information, and the device is highlighted on the network diagram to show its location. It is also possible to search which switch (port) the relevant terminal is connected to, allowing you to quickly identify the actual device.
 

Realtime Response

Blocking, notification, and guidance actions are taken according to the policy set for each event that occurs.
Multilateral communication interference will effectively block communications of unauthorized connected terminals.
 

Record

All events that occur are recorded and can be confirmed using various reporting methods.
feature4_title.png
By linking with asset management systems, UTMs, anti-virus solutions, IDSs, IPSs, etc., a multi-layered defense becomes possible, enabling the implementation of stronger security measures..
 
extension_map.png

 

Cooperation with Asset Management Server

By importing the terminal information registered on the asset management server into NetSkateKoban Manager, it is possible to detect the connection of a terminal that is not registered on the asset management server. By scheduling to periodically import information from the asset management server, monitoring using the most recent information is possible.

 
 

SNMP Trap/Syslog Linkage

Cooperation with Firewall and UTM Products
NetSkateKoban Manager obtains information on terminals performing abnormal communication, from Firewall or UTM products, and blocks the terminals from the network.
 
Cooperation with Antivirus Products
NetSkateKoban Manager obtains information on virus-infected terminals detected by antivirus products and pinpoints those terminals. After the virus protection is finished, the blocking status will be cancelled automatically or manually after a certain period of time.
 
Cooperation with Ethernet Switch

It receives loop detection SNMP Traps from the switch and performs processing such as sending emails according to the set policy.

Standard Feature

Network Visualization

Network Map Display

  • Hierarchical display
  • Automatic drawing display of terminal connection status
  • Map display of past connection status
  • Editing the map (creating a physical layout diagram, changing icons, etc.)

Terminal/User Management

  • Terminal whitelist creation
    Automatically/manually register devices that detect a connection to the whitelist
  • User list creation
    Set device user
  • Batch registration by CSV import

Device List Display

  • Detected terminal list display
  • Displaying a list of registered terminals
  • NetBIOS information, OS name display
      *The OS name may not be displayed.

Switch Coordination Monitoring/Display

  • Searching for the port to which the device is connected
  • Displaying a list of connected terminals by port

Event Display

  • Displaying a List of Various Events
  • Highlight display of the corresponding terminal when an event occurs (both map and list)

Policy Management

  • Setting application conditions for detection events
  • Action settings when an event occurs (communication interference, email notification, command execution, trap notification, Syslog notification)
  • SNMP Trap reception and action settings upon reception

Operation

  • Sensor operating status monitoring
  • Sensor settings
  • CSV input/output (user, terminal, switch, sensor, connection history)
  • Trace route display

Report

  • List of IP/MAC addresses used
  • List of device registration information
  • List of top 10 used services
  • Service and server list
  • Number of detected terminals/number of terminals detected
  • Number of warning terminals/number of warning terminals detected
  • Warning terminal IP address list
  • Koban alarm detection status
  • Unauthorized connection detection list
  • IP address duplicate detection list
  • Traffic reporting (requires NMS option)
Unauthorized Connection Prevention

Surveillance

  • Detection of registered/unregistered terminal connections
  • Detection of duplicate IP addresses
  • Detection of IP address changes
  • Out-of-range IP address detection
  • Detecting unregistered DHCP servers
  • Searching for past connection information
  • Displaying a list of terminals interfering with connection
  • Filter settings (excluding specific terminals from monitoring targets)

Communication Control

  • Manual/automatic execution of communication jamming
  • Guidance: Direct communication from a specific terminal to an arbitrary destination (quarantine site, connection application site, warning site, etc.)
  • Multilateral communication interference

  • Disturbance release

Policy Management

  • Setting application conditions for detection events
  • Action settings when an event occurs (communication interference, email notification, command execution, trap notification, port automatic blocking)

SNMP Trap/Syslog Collaboration

  • Communication interruption of terminals and event notifications due to reception of Syslog and SNMP Trap sent from other systems such as anti-virus and UTM products.

Optional Features

opt_nmslink.jpgopt_dbsyncicon.jpgopt_webregicon.jpgopt_dhcpicon.jpgopt_quqlaicon.jpgopt_webconsoleicon.jpg

Component Products/Recommended Machine Specifications

The NetSkateKoban Enterprise model consists of a manager, a console, and a selection of sensors that apply to the network configuration to be monitored.