NetWitness Decoder
What really happened on your network?
Decoder is a real-time, distributed, highly configurable network recording appliance that enables users to collect, filter, and analyze full network traffic in an infinite number of dimensions.
Unlike other network recording products, Decoder fully reassembles and globally normalizes traffic at every layer for full session analysis. The patented Decoder represents a breakthrough in network traffic monitoring that dynamically builds a complete taxonomy of data across all layers and applications, including full packets.
Decoder provides a Total Network Knowledge™ database that can be mined in real-time by the NetWitness® Investigator and Informer applications. There is also an API for more advanced applications. Decoder combines network metrics with deep analysis of application flow and content in a way not seen on other products.
Product Features:
- Linux-based, highly configurable, and fully upgradeable hardware platform, providing full packet capture and reassembly
- Fully scalable with a distributed architecture
- Protocols and applications: HTTP, FTP, TFTP, TELNET, SMTP, POP3, NNTP, DNS, HTTPS, SSL, SSH, Vcard, PGP, SMIME, DHCP, NETBIOS, SMB/CIFS, SNMP, NFS, RIP, MSRPC, Lotus Notes®, TDS (MSSQL), TNS (Oracle®), IRC, Lotus Sametime®, MSN IM, RTP, Gnutella, Yahoo Messenger, AIM, SIP, H.323, Net2Phone®, Yahoo Chat, SCCP (Cisco® Skinny), Bittorrent, GTALK, Hotmail, Yahoo Mail, GMail, TOR and many others.
- FIPS (Federal Information Processing Standard) compliant SSL communications
- Expandable SAS storage capacity & supports SAN solutions
- API/SDK for custom applications
- Software-only solutions are available for Windows® and Linux

NetWitness Concentrator
Can you track malicious and anomalous activity and trends across your entire enterprise network?
Are there relationships between unexplained network activities across your organization?
NetWitness® Concentrator appliances allow you to deploy multiple NetWitness Decoder appliances across a complex enterprise network and have an aggregated real-time view and reporting of events right across the complete network. Detailed network and application layer information from multiple capture devices can now be aggregated and analysed.
For larger networks, Concentrator appliances can be cascaded in a distributed architecture to provide the scalability and flexibility needed for an organisation's specific needs. An API is available for more advanced applications.

NetWitness Investigator
How quickly can you understand the scope and impact of malicious activity?
Can you provide forensic evidence of what's happened on your network?
NetWitness® Investigator is a Windows-based software application that provides unprecedentedly fast and efficient, free-form contextual analysis of terabytes of raw data captured and reconstructed by NetWitness Decoder. Developed originally for the U.S. Intelligence Community, and now used extensively by Law Enforcement, Defence, and other public and private organizations, Investigator is based upon 10 years of development and deployment in some of the most demanding and complex threat environments.
With its groundbreaking user interface and unprecedented analytics, Investigator lets you see your network traffic in a new way. Unlike some products which display network traffic in the context of confusing network nomenclature, Investigator uses a lexicon of nouns, verbs and adjectives – characteristics of the actual application layer protocols parsed by NextGen during session reconstruction.
Both novice and expert users can use Investigator to pivot easily through terabytes of network traffic and dive deeply into the context and content of network sessions in real-time, making threat analysis that once took days take only minutes. It is this intersection of network metrics, rich application flow, and content information that differentiates NetWitness® products from any other capability on the market today.
In addition to the rich data Investigator receives from the NextGen infrastructure of NetWitness Decoders and Concentrators, Investigator can locally capture live traffic and process packet files from virtually any existing network collection device for quick and easy analysis.
Product Features:
- Real-time, Patented Layer 7 Analytics
  – Effectively analyses data from the application layer point of view, using real entities such as users, email, address, files, and actions.
  – Infinite, free-form analysis paths
  – Content starting points
  – Patented port agnostic service identification
- Extensive network and application layer filtering (e.g. MAC, IP, User, Keywords, Etc.)
- IPv6 support
- Captures live from any wired or wireless interface
- Full content search, with Regex support
- Exports data in .pcap format
- Imports packets from any open-source, home-grown and commercial packet capture system (e.g. .pcap file import)
- Bookmarking & History Tracking
NetWitness® Investigator is available in different software editions to match requirements.
- Investigator Field Edition
Investigator Field Edition is a full-featured, stand-alone product capable of local live capture and local packet file importing, ideal for tactical and point analysis of network traffic. Importing and capture are limited to 25GB per case, with unlimited cases.
- Investigator Field Edition Advanced
An expanded version of Field Edition, Field Edition Advanced is ideal for users who need to analyse massive amounts of local data or who require a longer duration of live capture. Importing and capture are limited to 500GB per case, with unlimited cases.
- Investigator Client
Licensed to customers with a NetWitness NextGen™ infrastructure, Investigator Client is ideal for multiple enterprise users that require remote analytical access to NetWitness NextGen™ systems. Importing is limited to 10GB per case, with unlimited cases. Local live capture is not supported.
NetWitness Informer
Can you be alerted in real-time to malicious activity or rule-breaking?
Can you monitor and report on your regulatory compliance?
NetWitness® Informer is the enterprise reporting and alerting application of the NetWitness NextGen™ product suite. Informer uses the power and Total Network Knowledge inherent in the NextGen data capture and session reconstruction infrastructure, and the analytics of NetWitness Investigator to provide detailed reporting and alerting on network performance, insider threats, data leakage, compliance monitoring, I/T asset misuse, hacker activities, and a host of other problems.
NetWitness® Informer is a revolutionary new approach to network reporting and alerting. Informer goes beyond traditional network reporting and alerting products on the market because it does not simply rely upon log files, netflow or other limited data sets to generate reports. Informer uses the comprehensive network traffic that is captured and reconstructed by the NextGen infrastructure to provide a real-time glimpse into incidents, threats, anomalies, misconfigurations, compliance violations, and other malicious or benign activities on your network. Informer is a fully interactive, intuitive web-based report engine with design features that enable users of any level to create the perfect report without sophisticated programming or outside help. In addition, every report result is backed up with hard evidence, one click away in NetWitness Investigator.
Every network reporting product on the market today uses log files or complex network layer or flow information as its data source. Not only does NetWitness® Informer provide the type of insight provided by these products, but it also goes above and beyond to allow access to unprecedented details into network applications and content. This efficiency allows users to replace dozens of reports from existing technologies, with a single Informer report. And it is this intersection of network metrics, rich application flow and content information that differentiates NetWitness® products from any other capability on the market.
Product Features:
- Pre-loaded with hundreds of report rules, categories and templates out of the box
- Flexible, WYSIWYG drag-and-drop report builder & scheduling engine
- Fully customizable, XML-based rules and report library for infinite report and alert combinations
- Full role-based access controls
- HTML and PDF report formats included
- Supports SNMP, syslog, SMTP data push
- Supports 3rd party data sources to enrich report context
- Offered as Windows® software or as an integrated appliance for total flexibility
Report Examples:
- Network Management & Performance – standard reports across network layer metrics
- Entity Behavior – monitor and profile computer, user, and resource activity across every application and device
- Enterprise Security – profile zero-day, BOTnet, and intrusion activity with complete content
- Corporate Policies & Regulatory Compliance – audit network-based components of policies and regulations such as FISMA, HIPAA, ISO 1779, SOX/GLB, and PCI standards
- Intellectual Property & Proprietary Data Control – profile sensitive content flow in real-time with total access to all events and content surrounding suspect activity
- Customer Protection & Management – identify risk to personally identifiable information
- Legal – support e-Discovery, criminal investigations, or liability audits through network entity profiling and analysis
To find out more about NetWitness products, call Phoenix Datacom on +44 (0)1296 397711, send an email or use the Request More Info form.