http://weblog.infoworld.com/zeroday/archives/2008/01/free_csi_for_yo.html
By Matt Hines
Zero Day Security
InfoWorld
January 22, 2008
When it comes to network security, you can't say that nothing in life is
free.
At least nothing that's been ported into a free trial version [1].
Jokes aside, the security community is being offered a chance to kick
the tires on an intriguing new product this week, as start-up Packet
Analytics has launched a free trial of its Network Forensic Search
Engine (Net/FSE) -- a tool used to collect and perform analysis of
network alert data.
Launched out of Los Alamos Labs, the startup is hoping to help companies
make sense of all the information being gathered by their existing
intrusion detection systems, security event management tools, firewalls
and network gateways.
Even though many large customers have invested lots of hard-earned cash
in deploying such devices, most still struggle to make sense of all the
incident data being aggregated by the systems, and to weed out real
attacks from the noise of everyday traffic and false positives,
officials with the company claim.
According to Packet Analytics' founders -- several of whom worked at
the federal research facility -- the core technology behind Net/FSE has
been in production use for more than five years at Los Alamos, where it
has been keeping an eye out for suspicious activity trying to tunnel its
way in over the installation's external defenses.
Another existing user is Los Alamos National Bank, which is scanning its
event logs with the system to help protect its 1.2 billion online
financial records, according to Packet Analytics executives.
Promised to be "built by network security analysts for network security
analysts," Net/FSE uses proprietary indexing and search algorithms that
promise to deliver speedy results and offer "real-time situational
awareness" of forensics data, allowing organizations using the tool to
become far more proactive about handling critical incidents, company
officials said.
According to the firm's marketing pitch, the system actually uses a
two-phase search technology that alters the manner in which
multi-terabyte datasets can be analyzed to gather context about
security-oriented events.
Net/FSE also promises to function as both a network data collector and a
system log server, thereby allowing for tight integration of data fed
into the tool from multiple sources, the company maintains.
The system also boasts a high level of available customization to allow
users to design unique agents to stream data to the server, or provide
search capabilities over existing log repositories. That feature is
crucial in cases where organizations already have a centralized logging
infrastructure and merely desire to add new search capabilities over
that data, officials said.
The search engine can also be delivered as a totally Web-based
architecture, as it is in the trial version, although companies hoping
to create their own models for the engine will need to run an agent
in-house.
Working under a license to market the technology commercially -- and
$100,000 in seed money -- from Los Alamos, company officials said they
believe the engine could become a hit with organizations that have found
their networks getting compromised with attacks even after making
significant investments in existing logging and alert tools.
"People at Los Alamos found that they were spending too much time
analyzing these logs, so the idea was to design something that could
perform a deep dive on what the events actually mean within the security
context," said Andy Alsop, president and chief executive of Packet
Analytics.
"The most significant value we bring is to give people more detailed
information as an event is still happening, but it's also about giving
the whole picture, how something small that happened a month beforehand
actually led to a much larger incident, and that's what traditional data
collection tools cannot do," he said.
Future plans to expand Net/FSE will include the addition of compliance
reporting capabilities, along with added network behavior analysis
features and even broader event correlation, the company said.
[1] http://www.packetanalytics.com/download.php
Received on Wed Jan 23 00:37:55 2008