Network Recorders Are A Window To The Past - InformationWeek
IoT
IoT
Software // Information Management
Commentary
9/17/2008
03:36 PM
Mike Fratto
Mike Fratto
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%
RELATED EVENTS
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Network Recorders Are A Window To The Past

Announced at Interop, Endace Analytics Center 2000 provides network analysis for Endace's NinjaProbe, while Solera Networks announced an OEM program providing data-capture services to others. In both cases, the ability to play back captured network traffic eases troubleshooting and resolution.

Announced at Interop, Endace Analytics Center 2000 provides network analysis for Endace's NinjaProbe, while Solera Networks announced an OEM program providing data-capture services to others. In both cases, the ability to play back captured network traffic eases troubleshooting and resolution.Network monitoring software populates events that you are expressly looking for, although going back and re-forming the question or digging deeper is often not possible minutes, hours, or days after the event. Any IT or security administrator has said more than once, "I wish I had captured that data." Capturing network data at line rate, even at gigabit speeds, is not normally possible with off-the-shelf hardware, much less the ability to store full packet captures. Both Endace's and Solera's capture appliances can store terabytes of data with options for storage expansion.

Collecting data is one thing, but analysis is the motivator. Endace's Analytics Center 2000 is a client-server application that runs on the NinjaProbe and offers reporting and analysis tools using Endace's own SOAP API. The configurable dashboard offers filterable views of the captured traffic, letting administrators drill into network traffic by clicking on visual tables rather than typing in strings. For example, you can start searching from an IP address or discovered application, and continue filtering out the unwanted data. Deeper packet analysis can be conducted by downloading the captured packets and using your favorite analyzer. EAC 2000 uses Wireshark, natively. NinjaProbe is more than just a packet capture device -- Linux-based analysis programs like Snort IDS can be installed on NinjaProbe and provide analysis on the appliance, while NinjaProbe can generate multiple NetFlow outputs sent to external hosts.

Solera Networks bills itself as the search engine for network analysis, and they do have an intuitive interface that can look for key words and file types, in addition to IP addresses and port numbers that ships with its DeepSee appliances. In addition to native analysis, Solera Networks has announced an OEM program around its Capture Stack technology. The program allows vendors to leverage captured data in their own products. By using Solera Networks' Capture Stack for packet capture, the OEM partners can focus on building their own products. For example, automatically capturing a snapshot of traffic between two peers before and after a security event may provide vital context for further analysis.

While other network recorders like NetScout's Infinistream and Network Intruments' GigaStor appliances offer similar functionality to both Endace's NinjaProbe and Solera Networks' DeepSee, the integration API's offered by both Endace and Solera provide useful integration points for other network management and security products.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll