comprehensive data logging, analysis, and packet capture solutions, built from the ground up for you

NextComputing operates (4) lines of business related to Network data logging, analysis, and packet capture:

Portable / Deployable Data Recording Server Products

We are a premiere manufacturer of deployable appliances designed for high performance data recording based on the latest Intel, AMD and data storage technologies. Our systems give the highest level of compute and network capability in compact form factors to fit your performance requirements and working conditions.

Software OEM Services

We optimize software system performance (eg. for data ingestion rate, etc.) running on field-deployable hardware platforms, for 3rd party software provided by our Original Equipment Manufacturer (OEM) customers.

Some of the services we provide include:

Detailed throughput analysis including improving data ingestion rates in data recording use cases
BIOS optimization settings
storage partition mods
CPU/Thread core mapping
CentOS/RedHat Linux configuration optimizations
VM configurations
recommended adjustments / improvements to customer source code
3rd party source code maintenance

We thoroughly document operating instructions for how users can achieve optimum performance in the field.

Fly-Away Kit (FAK) Systems

We bundle deployable appliance(s) and accessories, with multiple 3rd party software packages as complete mobile solutions. We provide custom FAKs, and also offer specific standard FAKs for use cases like

Pentest
Digital Forensics
Servers for remote data-collection / data-forwarding
Network Sensors for CPT threat-hunting

We specify and support 3rd party software for all of these FAKs, install them in appropriate VMs etc, and provide complete documentation and end-user operating instructions and training, along with ongoing software patch/update services and QA/regression testing and logistics services.

Software Framework Products

This includes Packet Continuum and CyberPro, which are fully-supported end-user software-only products with supplemental APIs and modular components. Our OEM customers utilize these programs for agile development of value-add functionality. We are committed to open standard data interfaces (eg. PCAPNG, CSV, CIM, syslog, CommunityID, etc), and compatibility with interfaces commonly used by open source communities (eg. Suricata, Zeek, BPF, ELK, Big Data Platforms). Much of this expertise can be directly applied to your Logging Software (ELS) software effort.

The NextComputing Advantage

Experience

The key value-add for NextComputing is our unique experience manufacturing and optimizing the performance of integrated hardware/software systems for mobile deployment.

Deployable systems have special challenges for maintaining top software performance, while accommodating real hardware platform constraints, and difficulties of field deployment for reliability, support and rapid change. In addition, personnel turn-over within mobile teams requires special attention for technical documentation and operating instructions, as well as consistent QA testing and logistics management.

We understand agile software development, and have been committed to this concept in our existing businesses because:

Agile development is a key success factor for our long-standing OEM services business that supplements the underlying hardware platform products targeting mobile deployment.
Our software framework products are tools specifically developed to facilitate agile software development in the challenging application of real-time packet capture and DPI forensics. Agile development is essential because of changing OEM requirements and variable hardware platform constraints.

Support

The NextComputing software and systems engineering team can assist you with your open source implementations for network data logging, using our proven OEM services methodologies to optimize performance on your specific enterprise or deployable platform or ideally one of our various form factor deployable NextComputing platforms , and providing sustainable long term support and software feature upgrades in coordination with your CPT, SOC and NOC teams.

As with our Fly-Away Kit business, we will quickly acquire and diagnosis issues with 3^rd party software, and then manage, document, support, optimize and continually update those software packages over time.

Use Case: Modular Fly-Away Kit

The block diagram below is a good example of a complex modular FAK solution we support, including multiple network sensors ingesting data for multiple servers running in parallel, which in turn provide a web-based GUI for multiple user-analysts on mobile laptops. Note all components, including network switch, power sources, etc are portable within transit cases that are TSA-compliant single-person lift.

For the FAK use case above, a modular software architecture allows the hardware components to be re-configured for a variety of different use cases. For example, segregate components to monitor both classified and non-classified networks without the need for cross-domain equipment.

Click to enlarge

Also using this modular software architecture, the same FAK solution may be re-configured for very high lossless capture rates. This diagram shows 40Gbps lossless capture with 50,000 active IDS rulesets and 1,000,000 active ThreatIP alerts.

Click to enlarge

More About NextComputing Capabilities

Cyber Software Development Experience / Capabilities

NextComputing has extensive experience working with customer-developed or 3rd-party software. Typically, the challenge is how to optimize performance for a 3rd party application which is developed for standard data center servers. Typical data center software has special challenges when deployed on NextComputing small form-factor hardware platform like NextServer-X, within difficult use cases like mobile field deployment, with frequent operational challenges like power insecurity, frequent restarts, and high-speed/constant-use disk storage. Sharing only run-time object code, NextComputing has unique expertise to tune bottlenecks by adjusting BIOS settings, RAID configurations, NIC card utilization. We can make adjustments to open-source code and track any changes. When appropriate, we offer suggestions for adjusting code developed by customers and 3rd parties.

NextComputing has unique experience developing software for lossless packet capture and real-time DPI packet analytics. This began when our hardware OEM customers requested that we optimize a modular packet capture software framework with a critical requirement: no packet loss, within deterministic performance specifications for maximum sustainable capture rate, even with simultaneous operations for up to 50,000 active Suricata IDS rulesets, and fast PCAP search by multiple user-analysts. For this important use case, NextComputing developed the Packet Continuum / CyberPro packet capture software framework which runs native on any common hardware platform, scales to enterprise or carrier-grade networks with a unique Federation Manager software feature, and provides a mature and well-documented REST/API interface for automation, scripting, and easy integration with 3rd party cyber solutions.

NextComputing is committed to supporting open data access, standard data interchange formats, open API integrations with 3rd parties. We particularly wish to support the aspirations of open-source communities, with use of common syntax and interfaces used by open-source packages in common use. For example, Wireshark, Suricata and Zeek are open-source packages that have difficulty performing at enterprise scale, with problems like packet loss or unpredictable behavior. Our Packet Continuum software framework provides a clear deterministic performance while using open/common file formats & syntax.

Open-source applications integration/optimization, including the ability to integrate/optimize existing DCO applications (e.g DoD customers with open-source code bundles they may want to reuse) is another of our key capabilities. Many customers have long experience working with various open-source packages for cyber operations. NextComputing is eager to assist customers by integrating customer-specific combinations of open-source packages and optimizing performance while minimizing the cost of the underlying hardware platform needed to sustain that performance. For example, many government DCO customers have long history with open-source packages with valuable packet capture, real-time DPI analytics, IDS alerting and scripting capabilities. NextComputing can take these user-defined solutions and optimize a deployable hardware platform for exactly that set of open-source solutions — and provide ongoing revision control and configuration management for that specific bundle.

Configuration Management Capability

NextComputing engineering services for software and fly-away kit integration include initial specification of software tools and hardware accessories, creation of useful QuickStart Guides for inclusion within each FAK, precise revision tracking of the specified FAK components, consistent QA / regression testing, and regular software patch updates for all included software. Logistics services provide quick turnaround for any legacy FAK appliance taken from a field mission, to refresh the hardware and bring all software to the most recent version, then QA / regression test, and ready for stock or drop-ship to the next field mission. NextComputing has partners with cleared personnel and restricted facilities and who can provide these logistics services to DoD cyber operations and other government customers.

Air-Gap Updates / Support Enhancement Services

Software installation and regular software version updates / patches are always a challenge for cyber operations within a restricted air-gap environment. This is especially true for mobile FAK systems that contain many diverse software tools — both commercial and free or open-source FOSS software, each with their own update schedule. NextComputing has developed unique capabilities to support FAKs deployed across air-gaps. NextComputing engineering support services will bundle multiple software updates together so that all integrated software packages can be brought to current version with a single operating procedure. Software updates with clearly documented instructions will be provided via a secure ShareFile, such that cleared support personnel (either the customer team, or a cleared/certified technical support partner of NextComputing) have instant access to download updates and instructions for removable media to carry across the air-gap. Within the air-gapped zone, support personnel will be able to update all FAK units from a central point, using the “Federation Manager” feature of the Packet Continuum software framework.

Certain FAK software tools, including threat intelligence resources with streaming data services or internet-based threat query access, will not operate as-is in an air-gap environment. NextComputing has experience working with customers to minimize operational complexities and optimizing the value for cyber operations of software tools within a restricted air-gap zone. Sometimes the solution is to bring the threat data base into the air-gap zone. When this is not possible, NextComputing can assist with custom software and/or special operating procedures. NextComputing has extensive experience with FAK hardware, software tool suites in air-gap operation for multiple customers.

Additional Capabilities

Ability to improve ingestion rates, reduce latency and response times, reduce footprints, enhance usability aspects
Our modular, component-based development method is based on the fundamental Unix philosophy of creating small components that can be combined in a way to get the problem solved
Strong performance benchmarking and optimizations for packet ingestion and metadata processing
Strong ability to debug and offer timely resolutions
Our team possesses deep understanding of all aspects of application development, respect for frameworks and languages, and the need to keep our platform open and extendable.
Processing PCAPs in an appropriate format understood by Wireshark and other tools
DPI, alerts, and metadata converted to JSON format for optimal efficient data ingestion into Elastic
To support agile development methods, we are passionate about our work and success outcomes for customers — and open to various programming languages or frameworks including a deep understanding of both Suricata and Zeek. We can recommend the appropriate framework based on customer needs.
Augmentation, enrichment and custom-mapping of DPI data from Suricata and/or Zeek
We have components and workflows built using languages such as C, C++, Rust, Python, Java, Javascript, React, KQL, Shell scripting
We have strong proficiency in understanding deeply open-source projects
We have embedded free version of ELK stack into our framework and improved its scalability
One of the biggest clients of Elasticsearch (licensed version) for other projects has said how well we are extending the capabilities of the free version, when they noticed that we have managed to store 56 billion documents on a single Elastic node
We are one of the earliest adapters of DPDK. We have DPDK running on various systems and NIC architectures — each with different configurations and resources