NetWitness Professional Edition
August 31, 2004
Product: NetWitness Professional Edition
Vendor: Forensics Explorers (ManTech International)
NetWitness has excellent data collection and analysis capabilities.
Its price might discourage smaller companies, even though they could benefit from using it.
NetWitness is more than capable of handling the volume of information generated by large networks.
Instead of examining disk drives for suspicious data, NetWitness monitors network traffic for suspicious events. It installs easily from CD-ROM but requires an activation key before it will function: the installer generates a unique computer ID that has to be sent to the vendor's support centre, which returns an email with an activation key that locks the software to that workstation. The installer also offers to install WinPcap if it is not already present, since the product depends on it for packet capture.
NetWitness can operate in "Stealth" mode, so that the monitoring host itself is not detectable by an intruder, but only on Ethernet-based networks. It can run in a real-time mode, monitoring live traffic, or in file mode, in which it analyzes capture files generated elsewhere, for example on Unix machines.
It also offers an archival mode, which ensures compressed logs of captured data are retained for later analysis, providing a way to track operations over time.
The system has extensive packet-filtering features, allowing the analysis logs to be refined during the collection phase rather than only afterwards. A similar rule mechanism is available for events and properties. These "Application" rules can be applied to practically any piece of network information and can trigger a number of actions, such as real-time alerts and information logging, as required. These facilities can be used to monitor particular parameters, for instance to meet legal or regulatory requirements.
Having collected large amounts of data on network operations, NetWitness can collate and integrate it with data captured from other systems to build a comprehensive picture of trends in the network traffic. It is then possible to refine the search and monitoring functions to focus on areas of concern.
All this information is presented in a way that brings simplicity and order to complex and sometimes confusing network activity logs. When looking at the accumulated historical data, it is possible to see patterns of use that would be hard to find by examining raw network log files alone. The information is all there.