The Cequence Network Sensor is a lightweight, passive traffic collection component that captures HTTP transactions and forwards them to the Cequence Unified API Protection (UAP) platform for analysis without interfering with existing network operations. Operating out-of-band, the sensor monitors network traffic on a designated interface, extracts HTTP request and response pairs from packet data, and prepares them for analysis by converting transactions into a standardized Cequence format.
The sensor provides built-in capabilities for filtering traffic, discovering API endpoints, and detecting and masking sensitive data to ensure compliance and security.
Key features
- Built-in tunneling support with automatic detection and parsing of: GRE, IP-IP, VXLAN
- Can work with an external producer of packet flow generated from a network tap or a promiscuous listener port.
- Sensitive data detection and masking.
- Configuration using the Config Updater.
- Prometheus metrics monitoring.
Cequence Network Sensor is a lightweight standalone container designed to be installed on a virtual machine running RHEL 8.4 with Docker.
Highlights
Sensor changes
The Cequence Network Sensor now incorporates the latest Zeek Engine version 7.2.1. This update brings improved stability, performance optimizations, and access to the most recent security analysis capabilities provided by the Zeek framework. By leveraging version 7.2.1, administrators benefit from the latest protocol analyzers, bug fixes, and community-contributed enhancements that have been integrated into the Zeek project.
Sensitive data detection and masking
The Cequence Network Sensor now includes built-in sensitive data detection and masking capabilities, eliminating the requirement to deploy a separate Cequence Bridge for this functionality. The sensor automatically identifies and masks sensitive data elements within HTTP transactions, including payment card numbers, authentication credentials, personally identifiable information (PII), and other confidential data types. This consolidation streamlines infrastructure deployments while maintaining comprehensive protection for sensitive information in network traffic.
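As an illustration of this kind of detection and masking, the following added example (not Cequence code) masks payment card numbers and credentials in a constructed HTTP request. The header list, JSON field names and the `[MASKED]` and keep-last-four formats are assumptions; the Luhn check keeps other long digit strings, such as order IDs, from being masked.

```python
import re

# 13-19 digits with optional single space/dash separators, not inside a longer number
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Credential-bearing headers (assumed list) and JSON secret fields (assumed names)
AUTH_RE = re.compile(r"(?im)^(authorization|cookie|x-api-key):[^\r\n]*")
SECRET_RE = re.compile(r'(?i)("(?:password|token|secret)"\s*:\s*")[^"]*(")')

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _mask_pan(match):
    digits = re.sub(r"\D", "", match.group())
    if not luhn_ok(digits):
        return match.group()                # not a card number: leave untouched
    return "*" * (len(digits) - 4) + digits[-4:]

def mask_transaction(raw):
    """Mask credentials and card numbers in one raw HTTP request or response."""
    head, sep, body = raw.partition("\r\n\r\n")
    head = AUTH_RE.sub(r"\1: [MASKED]", head)
    body = SECRET_RE.sub(r"\1[MASKED]\2", body)
    return PAN_RE.sub(_mask_pan, head + sep + body)

SAMPLE = (  # constructed request, not captured traffic
    "POST /v1/payments HTTP/1.1\r\n"
    "Host: api.example.test\r\n"
    "Authorization: Bearer abc.def.ghi\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"card": "4111 1111 1111 1111", "order_id": "1234567890123456",'
    ' "password": "hunter2"}'
)

if __name__ == "__main__":
    print(mask_transaction(SAMPLE))
```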
AF_PACKET Support for High-Performance Packet Capture
The sensor now includes native support for AF_PACKET, a Linux kernel-level packet capture mechanism that significantly improves performance in high-throughput network environments. AF_PACKET has several advantages over traditional packet capture methods.
- Reduced CPU overhead: By leveraging kernel-level packet processing, the use of AF_PACKET minimizes the computational burden on the system.
- Higher packet capture rates: Capable of handling multi-gigabit traffic loads with reduced packet loss.
- Better scalability: Efficiently distributes packet processing across multiple CPU cores.
- Lower latency: Direct memory-mapped ring buffers enable faster packet delivery to the analysis engine.
The AF_PACKET feature is particularly beneficial for administrators monitoring high-bandwidth network segments or environments with sustained traffic bursts, ensuring comprehensive visibility without performance degradation.
Built-in Tunneling Protocol Support
The sensor now provides automatic detection and parsing capabilities for commonly used network tunneling protocols, specifically GRE (Generic Routing Encapsulation) and VXLAN (Virtual Extensible LAN). This enhancement eliminates the need for manual configuration or custom scripting to analyze encapsulated traffic.
- GRE support: Automatically identifies and decapsulates GRE-tunneled traffic, allowing the sensor to analyze the original payload for security threats and anomalies.
- VXLAN support: Seamlessly processes VXLAN-encapsulated packets commonly found in virtualized and cloud environments, providing visibility into overlay network traffic.
- Transparent operation: The tunneling support works automatically without requiring administrator intervention, ensuring that security analysis occurs on the actual application-layer data regardless of network virtualization.
Built-in tunneling support is essential for organizations using software-defined networking (SDN), cloud infrastructures, or multi-site network architectures where traffic encapsulation is standard practice.
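To make the decapsulation step concrete, the following added example (not Cequence or Zeek code) peels IP-IP, GRE and VXLAN layers from an IPv4 packet and returns the innermost packet together with the tunnel path. It assumes IPv4 only, untagged inner Ethernet frames and no fragment reassembly; the function names and the `ipv4` sample builder are hypothetical.

```python
import struct

PROTO_IPIP, PROTO_UDP, PROTO_GRE = 4, 17, 47   # IPv4 protocol numbers
ETH_IPV4, GRE_TEB = 0x0800, 0x6558             # EtherTypes; TEB = Ethernet in GRE
VXLAN_PORT = 4789                              # IANA-assigned VXLAN UDP port

def strip_ethernet(frame):
    """Return the IPv4 packet carried in an untagged Ethernet frame."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        raise ValueError("inner frame is not untagged IPv4 Ethernet")
    return frame[14:]

def innermost_ipv4(pkt, path=()):
    """Peel IP-IP, GRE and VXLAN layers; return (tunnel_path, inner IPv4 packet)."""
    if len(path) > 4:
        raise ValueError("tunnel nesting too deep")
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total, frag = struct.unpack("!H2xH", pkt[2:8])
    if ihl < 20 or not ihl <= total <= len(pkt):
        raise ValueError("bad IPv4 length fields")
    proto, payload = pkt[9], pkt[ihl:total]
    if frag & 0x3FFF:                  # MF set or offset != 0: needs reassembly first
        return path, pkt
    if proto == PROTO_IPIP:
        return innermost_ipv4(payload, path + ("IP-IP",))
    if proto == PROTO_GRE and len(payload) >= 4:
        flags, ptype = struct.unpack("!HH", payload[:4])
        if flags & 0x4007:             # RFC 1701 routing or non-zero version
            raise ValueError("unsupported GRE header")
        # Optional 4-byte fields: checksum (C), key (K), sequence number (S)
        off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        if ptype == ETH_IPV4:
            return innermost_ipv4(payload[off:], path + ("GRE",))
        if ptype == GRE_TEB:
            return innermost_ipv4(strip_ethernet(payload[off:]), path + ("GRE",))
    if proto == PROTO_UDP and len(payload) >= 16:
        dport = struct.unpack("!H", payload[2:4])[0]
        if dport == VXLAN_PORT and payload[8] & 0x08:   # I flag: VNI is valid
            return innermost_ipv4(strip_ethernet(payload[16:]), path + ("VXLAN",))
    return path, pkt

def ipv4(proto, payload):
    """Constructed sample data: minimal IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02") + payload
```

A packet with no tunnel layer comes back unchanged with an empty path, and an unsupported GRE payload type stops the peeling at the outer packet.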
Post-Deployment Configuration through Cequence UAP Platform
After completing the initial sensor deployment, administrators can now manage and configure the Cequence Network Sensor directly through the Cequence UAP (Unified API Protection) platform interface. This feature streamlines ongoing sensor management and reduces the operational overhead associated with maintaining distributed security infrastructure.
Enhanced Prometheus Metrics
The sensor now exports expanded Prometheus-compatible metrics that provide deeper visibility into both sensor processes and network traffic characteristics.
Packages
| Package | Location | Version | State |
| --- | --- | --- | --- |
| Sensor Registry Image | http://registry.gitlab.com/cequence/releases/dataplane/sensor:5.0.0 | 5.0.0 | Released |