Matrix overview
The Matrix is a network management switch that can filter, de-duplicate, trim, and time-stamp inbound traffic and replicate, aggregate, or load-balance outbound traffic before sending it to your network and security monitoring tools.
Figure 1: Matrix in your network
The Matrix can perform multiple operations on inbound data before it is transmitted out tool ports:
Filter traffic of interest to specific analysis devices: filters are created using the open source, Unix-based BPF language and/or an intuitive GUI. Filter traffic by variables, including clients or servers, applications, packet length, or ports, and incorporate Boolean logic.
De-duplication: eliminate redundant packets to streamline monitoring and reduce the amount of redundant data sent, analyzed, and stored. Configurable de-duplication definitions give you options (for example: ignore MAC address pair, TTL, and more) to create de-duplication rules for your environment.
Packet trimming: discard portions of the packet, such as payload data, to improve storage of data or to mitigate possible security/legal/privacy concerns related to retaining sensitive payload data.
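The "ignore MAC address pair, TTL" de-duplication options matter because the same packet tapped on both sides of a router differs in exactly those fields, plus the IPv4 header checksum that is recomputed when the TTL changes. The following is an added example, not the Matrix's own implementation: it zeroes those fields before hashing so the two copies compare equal. All function names and frames are constructed for illustration, and it assumes untagged Ethernet II / IPv4 frames and no time window.

```python
import hashlib
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac: bytes, src_mac: bytes, ttl: int, ident: int) -> bytes:
    """Constructed untagged Ethernet II / IPv4 frame (documentation addresses)."""
    payload = b"constructed-sample-payload"
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                      ttl, 253, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + b"\x08\x00" + hdr + payload

def dedup_key(frame: bytes, ignore_macs: bool = True, ignore_ttl: bool = True) -> bytes:
    """Digest of the frame with the fields chosen to be ignored zeroed out."""
    buf = bytearray(frame)
    if ignore_macs:
        buf[0:12] = bytes(12)                # destination + source MAC
    if ignore_ttl and len(buf) >= 34 and buf[12:14] == b"\x08\x00":
        buf[22] = 0                          # IPv4 TTL
        buf[24:26] = b"\x00\x00"             # header checksum changes with TTL
    return hashlib.sha256(bytes(buf)).digest()

def deduplicate(frames, **options):
    """Keep the first frame seen for each key (no time window, for brevity)."""
    seen, unique = set(), []
    for frame in frames:
        key = dedup_key(frame, **options)
        if key not in seen:
            seen.add(key)
            unique.append(frame)
    return unique

# Constructed capture: one packet tapped before and after a router hop,
# followed by a genuinely different packet (new IP identification).
PRE_ROUTER = build_frame(bytes.fromhex("02000000000a"), bytes.fromhex("020000000001"), 64, 1)
POST_ROUTER = build_frame(bytes.fromhex("020000000014"), bytes.fromhex("02000000000b"), 63, 1)
OTHER = build_frame(bytes.fromhex("02000000000a"), bytes.fromhex("020000000001"), 64, 2)
FRAMES = [PRE_ROUTER, POST_ROUTER, OTHER]

if __name__ == "__main__":
    print(len(deduplicate(FRAMES)))
    print(len(deduplicate(FRAMES, ignore_macs=False, ignore_ttl=False)))
```

With both options enabled the router-hop copy is dropped; with either one disabled all three frames are kept, which shows why a strict byte-for-byte comparison misses duplicates captured at different points in the path.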
Outbound data can also be flexibly directed using:
Replication (one-to-many): copy a single inbound stream to multiple tool ports. This is well suited to transmitting identical data to distinct monitoring appliances.
Aggregation (many-to-one): combine multiple streams of network traffic into a single outbound stream for more efficient tool analysis.
Load balancing (many-to-many): apply dynamic routing by packet or conversation to logically distribute network traffic to multiple tool ports, extending the life of legacy monitoring devices and ensuring that traffic spikes do not result in oversubscription and/or dropped packets.
These capabilities are managed using a drag-and-drop GUI that accelerates the Matrix configuration process by placing all traffic manipulation in a single rule block rather than scattering it across inbound and outbound ports. It also facilitates the display of network-tool interconnects and corresponding traffic operations, which makes even the largest, most complex monitoring infrastructure straightforward to visualize and update. These rules are all managed in a central library for use by the entire monitoring team and can be imported or exported.
Matrix provides three user or product interfaces:
HTML5 web UI
Command line interface (CLI)
RESTful API: Designed into the product from its inception, the Matrix RESTful API provides third-party solutions access to all the configuration and management capabilities found in the web UI and CLI.