Strengths: Easy to use, with deep drill down and application reconstruction ability
Weaknesses: Nothing we found
Verdict: A solid product that not only provides good log analysis but also has the forensics chops to get the investigative job done. Our Best Buy.
Summary: Niksun's NetDetector goes way beyond simple network-based forensics. This appliance not only does forensics and incident analysis, it also has an intrusion detection system and can do complete network security surveillance. Beyond analysis deep within the packet, this product can also reconstruct applications such as web browsers and even chat and web-based email.
We found NetDetector quite easy to use. Setup takes just a few minutes and most of this is spent unpacking the appliance. Initial configuration can be done either by connecting a monitor and keyboard directly to the appliance or through a HyperTerminal connection. After entering a few commands to set time and date, a wizard helped set IP addresses and IP settings such as DNS and gateway. Once that was completed we just plugged it into our network tap and accessed the Java-based web GUI, which is easy and intuitive to navigate.
This solution is a solid performer. It sits off a hub, a SPAN port of a switch or a network tap, so it sees all network traffic and is able to record anything that goes in or out of the enterprise. When doing analysis, we found drilling down into the many graphs an easy task and finding the exact data was quick and efficient.
This product comes with two main guides. A printed customer installation guide provides the initial setup and installation procedure to get the box up and running, plus clearly shows different tap and network connections. The user guide illustrates the different functions and features of the appliance in great detail. Both manuals include many screenshots and diagrams.
Customers get one year of support with the purchase of the Niksun appliance, consisting of phone and email assistance as well as access to a dedicated web portal. The latter includes access to the latest technical advisories, FAQs, worm/virus notes, learning tools and product documentation.
At a starting price of £6,000 this product is excellent value for money. The combination of analysis capability and application reconstruction, along with simple intuitiveness, makes it a solid asset to almost any organisation.