Sandstorm's NetIntercept

By Cameron Sturdevant  |  Posted 2003-04-14

Competitor Sandstorm Enterprises Inc.'s NetIntercept processes data offline so that searches can be accomplished quickly. NetIntercept, which costs $29,500 in a dual-processor, 770GB configuration, can automate common tasks, including data analysis that results in reports; storing suspect data for more detailed analysis; and even deleting data, once it has been analyzed, to free disk space. These are all important features, and Network Associates should consider adding offline data analysis capabilities in a future edition of its product.

We were impressed with the large capacity and high capture rate that we saw during tests. The sky-high storage capacity means that with a 5 percent utilization rate on a Gigabit link, the InfiniStream device would be able to store nearly two and a half days' worth of traffic. The device overwrites data using a first-in, first-out rule, which we think makes sense for most users.

Network Associates is open to developing higher-capacity storage devices for customers who want to keep more data available for analysis, company officials said.

The product was easy to install and use in tests; IT departments will have little trouble adding the device to the network.

Based on our work with InfiniStream, we'd be surprised if it took more than a couple of people working part time to become expert users. Part of the reason for the simplicity of use is that Network Associates is encouraging users to tap its Sniffer analysis tools (sold separately) to do in-depth analysis. This shouldn't be a burden because Sniffer tools are already widely used in large enterprises, and IT managers are likely to have several Sniffer experts already on staff.

The data mining and analysis tools included in the version we tested were more than adequate for our rigorous search needs.

Because InfiniStream captures all network packets, we could effectively play back every HTTP session and "watch" where we went on the Web. Any instant message session that used the Internet Relay Chat protocol was also caught, and we could play back these messages. We could also play back telephone conversations that used Cisco Systems Inc.'s Skinny protocol.

All this power means that IT managers should be familiar with workplace rules and legislation governing monitoring. It almost goes without saying that employees should be told that their work is monitored and recorded. Notification laws come into play when monitoring voice-over-IP conversations, and IT managers should be fully aware of these requirements when using InfiniStream.

It's likely worthwhile to spend some time with the corporate counsel and human resources to ensure that proper notification and use policies are in place.

Of graver operational concern should be the physical and logical security of the InfiniStream device. Our tests showed that the product, if stringent physical security is enforced, is adequately protected from hacking. But because it stores every packet, InfiniStream could become a juicy target for hackers, and IT managers should ensure that they carefully monitor activity on the box.

Physical security is a must because the box has several accessible network and Universal Serial Bus ports.
Senior Analyst Cameron Sturdevant can be contacted at

Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at
