The company claims its software can churn through terabytes of NetFlow sessions and other security-related information, including firewall logs and IDS events. The goal is to help IT security teams better respond to anomalous network behavior and security incidents by helping them understand which hosts are involved in an alert, how long the activity has been going on, and where it originated.
Packet Analytics makes a big deal of its association with Los Alamos National Laboratory (LANL). The technology behind Net/FSE has been used for five years on LANL networks. LANL is tasked by the Department of Energy with maintaining the security and reliability of U.S. nuclear weapons, and its networks are a regular target of intrusion and espionage attempts.
The startup is hoping the association provides a measure of credibility that other startups have to earn over several product cycles and through customer trials.
Unfortunately, LANL has suffered a string of embarrassing security incidents in the past decade. For instance, employees sent top-secret nuclear weapons data through an unsecured e-mail network, the lab acknowledged in June 2007. In 2006, an employee whose spouse was involved in a meth lab bust was found to have sensitive information about nuclear weaponsin her home. A list of security breaches at Los Alamos and other DOE facilities is available here.
While the majority of security incidents at LANL involved mishandling of classified information by lab employees and contractors rather than network-related events, linking the new company closely to the lab isn't the most clever marketing strategy. Luckily, the company isn't trying to sell a data loss prevention product.
Packet Analytics also is late to the NetFlow party. A truckload of security products already consume and analyze NetFlow data. Competitors include Security Information and Event Management (SIEM) products such as Qradar from Q1 Labs; and Network Behavioral Analysis (NBA) products such as Lancope's StealthWatch and Cisco's own CS-MARS.
Some products, such as CS MARS, also can help remediate events by closing firewall or switch ports to stop malicious traffic from spreading through a network.
However, these SIEM and NBA systems are expensive. Packet Analytics offers the software free for networks processing up to 1 million events per day. Perpetual licenses start at $1,495 for up to 3 million events. It's a sensible strategy to attract organizations that may be daunted by the price tags for competing solutions.
Packet Analytics has launched with $200,000 in seed funding from Flywheel Ventures, the LANL Venture Acceleration Fund, and private investors. The company expects to close a Series A round of investment by the end of 2008.