nFX Cinxi One
Strengths: Granular network event-based forensic capabilities
Weaknesses: Takes a bit of time to become familiar with the dashboard
Verdict: Top drawer network forensics tool
The nFX Cinxi One appliance from netForensics combines log management with a powerful log correlation engine to provide a deep look into network security events.
This product features the ability to use its automated correlation technology to identify stealth patterns of attack, filter out false positives and prioritise critical events, thus giving a true look at an attack and how it happened. This, combined with the other log correlation and analysis features, make it a high performance investigating tool.
The initial installation and setup was quite simple and straightforward. Once the appliance is connected to the network the management console can be launched from any machine connected to the network by accessing the product's web page. We found this console to be a little overwhelming to use at first but quickly became comfortable with navigating around. Configuring the device was also quite easy and we found it was intuitive to add assets and for networks to be monitored.
The dashboard contained a wealth of information and it is completely customised for greater flexibility. Once everything is properly configured, this gives a quick glance at topology, incidents and threat summaries.
Documentation included: an install guide that detailed how to get the appliance up on the network and configured for the first time; a quick-start guide that provided a few steps to get logged into the appliance and become familiar with the interface; and an implementation guide, which provided an in-depth look at how to configure the features and the product for the environment. All of the documentation was well organised and included many screenshots and examples.
NetForensics offers a wide range of support options at various levels, as part of annual agreements. Options include 24/7 phone and email technical support for 365 days a year and access to a remote help service and product updates. There is also a portal available to customers that includes a knowledgebase and a FAQ section.
We find nFX Cinxi One is priced to meet the needs of almost any type of environment and is excellent value for money.