July 11, 2006
Mantech International Corp.
Product:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy to use; very good user interface.
- Weaknesses: Scalability and documentation.
- Verdict: A strong network forensics product that could be a winner with a little work.
NetWitness is a network traffic security analyser that the vendor describes as a "security intelligence" tool. Setup is simplified by its new installation wizard, which worked correctly the first time and was a breeze. We then fed it a set of Snort packet logs, which it accepted without complaint, and were able to begin analysis within an hour.
NetWitness presents standard intrusion detection packet logs in a comprehensive format for analysis. But one of its most promising features, the packet miner, is only available for Cisco IPS 4200 sensors.
Basically, the packet miner helps to automate the IDS analysis process, a valuable function in an incident, and NetWitness should make it available for other IDS products. As it stands, the appliance can collect logs from other systems, but it is left to the analyst to make sense of them.
One additional key feature is the ability to identify such things as credit card numbers and social security numbers - a very strong feature in the area of compliance.
NetWitness behaved well in our test suite. We had no difficulty feeding it a set of pre-collected logs and we expect that it will also behave well in production.
While we did not test data throughput, based upon user comments we expect that the volume of data flow is not likely to be a problem. But one challenge we see is the need to add additional storage for large enterprises. This scalability problem is matched by the apparent lack of an explicit distributed configuration for appliances in a large, geographically dispersed enterprise.
Documentation, by all accounts significantly improved on the previous version, is divided into separate, focused manuals for administration, best practices, installation and user guide. But although very well produced, the manuals are a bit skimpy. They seem to assume the best case for everything and, if one gets into trouble, offer only limited help.
Support is limited to web-based and email-based contact from registered users. Escalation to a live engineer on the phone is available, as is a training program, and there is also a registered user section of the website with a range of information.
However, we were surprised that the apparent level of support seems so limited.
NetWitness is appropriately priced for the market, but lacks some features that would make it a truly strong competitor in the very large enterprise arena. What it does, it does very well and, in fact, has one of the best user interfaces we saw.