Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Free search tool scans net alerts

Helping ease admin workload.

By Bryan Betts | Techworld | Published: 11:38, 24 January 2008

Start-up software developer Packet Analytics is offering a free downloadable search engine, designed to collect network and system alerts, and help admins and security analysts dig through them.

Called Net/FSE, for network forensic search engine, the browser-based tool requires a standard x86 server running Linux or Unix. It is based on work done at the US Los Alamos National Laboratory to detect intruders on its network, and can aggregate data from a range of sources, including NetFlow (v5 only), syslogs, Snort and Cisco PIX.

Net/FSE enables users to retrieve data relating to specific times, IP ranges or addresses, alert types and so on. The data can then be searched and sorted to highlight areas for deeper investigation.

The tool does not do away with the need for expert understanding of the security issues involved, nor does it do event alerting - that remains the job of the relevant network devices. Packet Analytics said it was designed as an "incident response workflow tool", enabling analysts to more easily dig through the huge volumes of data generated by the likes of firewalls, IDS/IPS and NetFlow.

"Net/FSE will save analysts a significant amount of time in their routine alert investigations, making them more efficient and dramatically decreasing response time," claimed Packet Analytics CEO Andy Alsop. "It was built by security analysts for security analysts, so that enterprises have access to advanced search capabilities over terabytes of NetFlow router data."

The free version can process up to one million events per day; users needing more welly than this will need to buy a more capable version - prices range from $1495 (£760) upwards.

Asked to give an idea of scale, the company said that Los Alamos National Bank, the largest bank in New Mexico with approximately 300 employees, is collecting about two million events per day, while Los Alamos National Laboratory has about 12,000 employees and collects over 100 million events per day.

Packet Analytics said larger systems ar able to use a RAID array or SAN to store multi-terabyte datasets. It added though that 1TB of disk should be enough to store a year or more's data for a small enterprise network.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.