[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Free CSI for your network


By Matt Hines 
Zero Day Security
January 22, 2008

When it comes to network security, you can't say that nothing in life is 

At least nothing that's been ported into a free trial version [1].

Jokes aside, the security community is being offered a chance to kick 
the tires on an intriguing new product this week, as start-up Packet 
Analytics has launched a free trial of its Network Forensic Search 
Engine (Net/FSE) -- a tool used to collect and perform analysis of 
network alert data.

Launched out of Los Alamos Labs, the startup is hoping to help companies 
make sense of all the information being gathered by their existing 
intrusion detection systems, security event management tools, firewalls 
and network gateways.

Even though many large customers have invested lots of hard-earned cash 
in deploying such devices, most still struggle to make sense of all the 
incident data being aggregated by the systems, and to weed-out real 
attacks from the noise of everyday traffic and false positives, 
officials with the company claim.

According to the Packet Analytics' founders -- several of whom worked at 
the federal research facility -- the core technology behind Net/FSE has 
been has been in production use for more than five years at Los Alamos 
where it has been keeping an eye out for suspicious activity trying to 
tunnel its way in over the installation's external defenses.

Another existing user is Los Alamos National Bank, which scanning its 
event logs with the system to help protect its 1.2 billion online 
financial records, according to Packet Analytics executives.

Promised to be "built by network security analysts for network security 
analysts" Net/FSE utilizes proprietary indexing and search algorithms 
that promise to deliver speedy results and offer "real-time situational 
awareness" of forensics data, allowing organizations using the tool to 
become far more proactive about handling critical incidents, company 
officials said.

According to the firm's marketing pitch, the system actually uses a 
two-phase search technology that alters the manner in which 
multi-terabyte datasets can be analyzed to gather context about 
security-oriented events.

Net/FSE also promises to function as both a network data collector and a 
systems log server, thereby allowing for tight integration of data fed 
into the tool from multiple sources, the company maintains.

The system also boasts a high level of available customization to allow 
users to design unique agents to stream data to the server, or provide 
search capabilities over existing log repositories. That feature is 
crucial in cases where organizations already have a centralized logging 
infrastructure and merely desire to add new search capabilities over 
that data, officials said.

The search engine can also be delivered as a totally Web-based 
architecture, as it is in the trial version, although companies hoping 
to create their own models for the engine will need to run an agent 

Working under a license to market the technology commercially -- and 
$100,000 in seed money -- from Los Alamos, company officials said they 
believe the engine could become a hit with organizations that have found 
their networks getting compromised with attacks even after making 
significant investments in existing logging and alert tools.

"People at Los Alamos found that they were spending too much time 
analyzing these logs, so the idea was to design something that could 
perform a deep dive on what the events actually mean within the security 
context," said Andy Alsop, president and chief executive of Packet 

"The most significant value we bring is to give people more detailed 
information as an event is still happening, but it's also about giving 
the whole picture, how something small that happened a month beforehand 
actually led to a much larger incident, and that's what traditional data 
collection tools cannot do," he said.

Future plans to expand Net/FSE will include the addition of compliance 
reporting capabilities, along with added network behavior analysis 
features and even broader event correlation, the company said.

[1] http://www.packetanalytics.com/download.php

Subscribe to InfoSec News