NetForensics adds visualisation and scores to 3.0

NetForensics is poised to unveil the latest upgrade to its security information management (SIM) software, which will feature security event scoring and categorisation features as well as visualisation technology from SilentRunner.

The company plans to unveil netForensics 3.0 tomorrow at the Sysadmin Audit Network Security (SANS) Network Security 2002 conference in Washington DC.

The announcement of netForensics 3.0 is the latest development in the increasingly competitive market for SIM software, which aggregates and correlates events reported from a variety of network security devices such as firewalls, intrusion detection systems (IDS), and antivirus software.

"The whole [SIM] market is highly competitive," said Michael Rasmussen of Giga Information Group. "You have a lot of people making progress in the same direction."

Among the features of netForensics 3.0 is one that allows system administrators to assign "threat scores" to security events. Scores take into account both the severity of the reported event and the "asset value" of the machine being targeted.

Typically, important devices such as a company's e-mail server and file servers would be assigned higher values than little-used machines. The values assigned to machines will vary from organisation to organisation, depending on their needs.

Companies are increasingly looking for this level of customisation, according to Rasmussen.

"You're starting to see some movement to a business view of things. Previous [SIM] software was very limited. Customers could weight events, but the ability to weight events and tie them in to a business view of security was limited," Rasmussen said.

NetForensics also announced the addition of security event visualisation features to netForensics 3.0, through a partnership announced last week with security analysis software maker SilentRunner.

The SilentRunner Analyzer, which will be a cost option for netForensics 3.0 customers, adds two-dimensional topographical mapping of security devices in addition to analysis features.

NetForensics will sell SilentRunner Analyzer to its existing customer base and the companies will conduct joint sales and marketing for the product.

A "master engine" component will correlate the activities of netForensics 3.0's aggregation engines and serve as a single management console for an entire deployment, improving throughput and scalability, according to Niten Ved, co-founder and chief operating officer of netForensics.

A new "provider" component will coordinate configuration management and Secure Sockets Layer (SSL) certification for netForensics 3.0 products.

"All the real-time capabilities we've added along with the risk management features are taking us to the next level," Ved said.

The upgrade will keep netForensics competitive in a market in which it is already well established.

"The strongest thing netForensics has going for it is its market presence," Rasmussen said. "They have a great relationship with Cisco and more than 200 clients, which is more than anyone can say."