Network Intelligence's Engine HA

By Ira Apfel  |  Posted 2005-09-20

Curry brought in five vendors in search of a solution to his company's log problem. After listening to Wiederstein's advice, he chose Network Intelligence, of Westwood, Mass.

"The other vendors needed lots of systems to keep up with all our events," said Curry. "And they were very expensive, as well."

Network Intelligence's Engine HA cost Calpine approximately $30,000, said Curry.

The appliance scales as low as $20,000 to collect 500 eps (events per second), said Jim Melvin, Network Intelligence's executive vice president for marketing and business development.

"Our product is unique in that it's an appliance-based product that fits into the security information and event management space," Melvin said. "Many of our customers come to us after failing an audit. More likely they've recently had an audit, but the cost and processes were overwhelming."

Melvin said that Network Intelligence's competitors offer software-based products that filter but don't collect log data.

"What we see happening right now is customers are just starting to figure the impact of today's compliance issues," Melvin said. "We had Gartner [Inc.] on a [Web seminar] with us recently, and they said companies that solve compliance issues on a one-off instance can spend 10 times more than running a compliance product like ours. By collecting data, you can scale this out to handle a number of reports."

Network Intelligence's Engine HA is a single-unit product that was so easy to install that it started logging Calpine's data just two days after purchase, Curry said. The engine stores uncommon data and provides trend analysis reports. Calpine uses the Network Intelligence product for all compliance reporting, including that involving the Sarbanes-Oxley Act and the trading regulations for the Calpine Energy Services trading platform.

"We loved it; you have visibility across the entire enterprise," said Curry. "Our external and internal auditors come in and they don't have to tie up our system administrators' time pulling reports from servers or logs. We just sit the auditor in front of the reporting interface, and they can see canned reports. We also taught them how to pull their own reports."

Wiederstein said Curry was initially skeptical that Network Intelligence's Engine HA would work well. "When you're being overwhelmed and the consultant says, 'I have the silver bullet,' it's a little hard to believe," said Wiederstein. To win Curry's support, Wiederstein installed the Network Intelligence appliance before purchasing so that Curry could see it operate on Calpine's network.

An unexpected bonus

The Network Intelligence product ran so well that, after it was up and running, Curry said he wondered whether he could apply it to other areas of his department. As the person responsible for server infrastructure oversight, both Unix and Windows, Curry realized this section of his department had the same problem—an inability to correlate information or report on users' activity. "They'd have to look at 30 logs, and that was too much," he said.

So Curry directed all Calpine's Unix and Windows servers, not to mention its switches, IS/IP, DoS (denial of service) prevention and firewalls, corporate NAT (Network Address Translation) routers and financial systems to report to Network Intelligence's Engine HA. The appliance currently handles as many as 6,000 eps.

"If I could do it all over again, I would probably start logging earlier with the entire system," said Curry, adding that there are some functionalities to the product that Calpine still doesn't use.

"The functionality of the Network Intelligence product was communicated, but Calpine had such a heavy requirement upfront that it sold the box, and he didn't look at its other possibilities," said Wiederstein. "Beyond that initial problem, he revisited these other functionalities."

Curry cautioned that Network Intelligence's Engine HA is not for every company. "You need to analyze what you're logging and why you want it," he said. "But if you have an auditing requirement—and we do because of our requirements with our different regulatory bodies—it's a sound investment. If not, you could end up spending a lot of money on firewall logging without using all the bells and whistles."

Wiederstein echoed Curry's comments. "It's always important to take a hard look at your business requirements," he said. "So many times you get focused on solving a current issue as opposed to actually planning for those bigger concerns. That's where the Network Intelligence engine came in."

Ira Apfel is a freelance writer in Bethesda, Md. Contact him
