NetForensics adds visualization, scores in 3.0

NetForensics Inc. is set to unveil the latest upgrade to its security information management (SIM) software, which will feature security event scoring and categorization features as well as visualization technology from SilentRunner Inc., the company said Monday.

The company plans to unveil netForensics 3.0 Wednesday at the Sysadmin Audit Network Security (SANS) Network Security 2002 conference in Washington, D.C.

The announcement of netForensics 3.0 is the latest in the increasingly competitive market for SIM software, which aggregates and correlates events reported from a variety of network security devices such as firewalls, intrusion detection systems (IDS), and antivirus software.

"The whole (SIM) market is very highly competitive," said Michael Rasmussen of Giga Information Group Inc. "You have a lot of people making progress in the same direction."

Among the new features of netForensics 3.0 is one which allows system administrators to assign "threat scores" to security events. Scores take into account both the severity of the reported event and the "asset value" of the machine being targeted, according to netForensics.

Typically, important devices such as a company's e-mail server and file servers would be assigned higher values than little-used machines. The values assigned to machines will vary from organization to organization, however, depending on each organization's needs.

That level of customization is increasingly sought after by companies, according to Rasmussen.

"You're starting to see some movement to a business view of things. Previous (SIM) software was very limited. Customers could weight events, but the ability to weight events and tie them in to a business view of security was limited," Rasmussen said.

NetForensics also announced the addition of security event visualization features to netForensics 3.0, through a partnership announced last week with security analysis software maker SilentRunner Inc.

The SilentRunner Analyzer, which will be a cost option for netForensics 3.0 customers, adds two-dimensional topographical mapping of security devices in addition to analysis features. SilentRunner Analyzer will be sold by netForensics to its existing customer base, and the companies will conduct joint sales and marketing for the product, according to a statement released by netForensics.

A new "master engine" component will correlate the activities of netForensics 3.0's aggregation engines and serve as a single management console for an entire deployment, improving throughput and scalability, according to Niten Ved, co-founder and chief operating officer of netForensics.

A new "provider" component will coordinate configuration management and SSL (Secure Sockets Layer) certification for netForensics 3.0 products.

"All the real-time capabilities we've added along with the risk management features are taking us to the next level," Ved said.

The upgrade will keep netForensics competitive in a market in which it is already well established.

"The strongest thing netForensics has going for it is its market presence," Rasmussen said. "They have a great relationship with Cisco Systems Inc. and more than 200 clients, which is more than anyone can say."

But even with the new features and market share, netForensics will face stiff competition from newcomers such as Symantec Corp. and NetIQ Corp., as well as even larger competitors such as IBM Corp.'s Tivoli Risk Manager product and BMC Software Inc., according to Rasmussen.

Users may also have a choice of products from companies with deep pockets and established technologies such as BMC. That company's Patrol network management software could quickly be morphed into a competitive SIM product, according to Rasmussen.

In addition, companies with deep experience on the desktop such as Symantec and NetIQ might be able to get out front with SIM features that tie into their existing technology while also tracking operating system and application level security events -- a much sought-after feature.

"When the dust clears after all these companies make their (SIM software) announcements, a lot of vendors are going to find out that other people had the same vision," said Rasmussen, who predicts more product announcements and more activity in the SIM space. "It's gonna be a fun year," he said.
