Network Data Analysis
Packet Analytics' Net/FSE, the network forensic search engine, is the first commercial solution available to network security analysts that is built from the ground up to make network data analysis operations faster and more efficient. Net/FSE puts billions of network events at the fingertips of network security analysts, all in an easy-to-use dynamic web interface. Since Net/FSE is built for security analysts by security analysts, it is no surprise that users find Net/FSE to be the ultimate network data analysis workflow tool.
Every day, enterprise networks generate millions of network events that are relevant to these tasks. Firewalls, routers, switches, authentication servers—practically any network device—are constantly creating log records that can be collected, searched and analyzed. It is important to understand that with network data one can never be sure what event information is relevant until after the fact. For example, enterprises did not see value in storing DNS logs until DNS exfiltration attacks started appearing. With no historical log of DNS activity, those that fell victim to such attacks had no way of definitively knowing the extent of the data leakage resulting from the breach.
Net/FSE makes storing and accessing network event data easy and cost-effective. By default Net/FSE functions as a syslog server and NetFlow collector, although existing log repositories can be indexed and integrated into Net/FSE through Packet Analytics Professional Services. Net/FSE's proprietary indexing techniques incur an incredibly low overhead (10-20% of the size of the data being indexed) on network event sources, making it cost-effective to store all IP-based network data for long-term data analysis. Net/FSE is designed to scale to large data volumes and is limited only by the amount of storage made available to the system (via attached RAID, local disk or SAN/NAS).
Network security analysts rely on IP-based network data, or network events, for a variety of tasks in their daily operations: alert analysis, network monitoring, trend analysis and network forensics among others. Alert analysis tasks involve daily investigation of alerts from intrusion detection and prevention systems (IDS and IPS), network behavior analysis (NBA) tools, security information management (SIM) systems and various other alerting tools. Network monitoring and trend analysis is an ongoing task that is necessary to understand the daily rhythm of the network. Network forensics comes into play in the event of an investigation and involves analyzing weeks or months of network data to determine the scope and extent of a network breach.
Net/FSE's search and analysis capabilities for IP-based network data are unmatched in streamlining these tasks. Alert analysis, network monitoring, trend analysis and network forensics can now be performed from a single secure web interface, instead of jumping from tool to tool and server to server to access log files. This saves analysts time and gives them the ability to find definitive answers for incident response and network forensics.
Download Net/FSE today!