We installed Insightix DID Collector on an IBM dual-processor eServer 325 system with 1GB of RAM and two NICs. This is close to the minimum hardware configuration requirements and shouldn't be much of a burden on the midsize and large enterprises for which the product is intended. We don't usually consider the security of a monitoring system to be of paramount concern; nonetheless, we were impressed with the care taken to build Insightix DID Collector on a secure platform. The software installs a hardened version of the Debian GNU/Linux system. We recommend that Insightix DID Collector be installed by itself to ensure that the network connection to the monitoring port on the switch is clear of additional traffic.
Insightix DID Collector discovered all our test servers and PC systems running a variety of Windows versions and Linux distributions, along with network protocols that were running in the network. All this information was displayed in a simple-to-navigate Web-based dashboard. In the current version, the dashboard is served over HTTP. A release of the product scheduled for next quarter will provide an S-HTTP (Secure HTTP) connection to the console, company officials said.
We got all this information without scheduling a scan or installing agents on any equipment. Insightix DID Collector analyzed all the network traffic that was mirrored to the monitor port on the switch. During tests, the Insightix software generated a Web-based report that included a detailed infrastructure list that showed all of our network switches, routers, firewalls and other devices, along with all the servers and client systems.
The chief contrast we can draw is with established network and system management tools. These products (including Hewlett-Packard Co.'s OpenView Network Node Manager, BMC Corp.'s Patrol line of management tools and Computer Associates International Inc.'s Unicenter) poll systems from a central console to see if they are present and available.
There are two chief drawbacks to this approach. First, polling tools almost always require an agent on the monitored system. Agents mean installation and maintenance costs. Second, management tools always consume some amount of network bandwidth. Most of the time, these tools use very little bandwidth, but they can on occasion demand a large amount, which, in our experience, tends to coincide with other major network connectivity problems.
The trade-off is that agent-based systems generally have the handy ability to monitor activities on the system and send proactive alerts when, for example, memory utilization goes above an acceptable threshold. Most management tools have matured significantly during the last five years and have agents and console settings that keep bandwidth usage at acceptable levels.
By the end of our testing, we had concluded that Insightix DID Collector is a good complement to agent-based tools. The software discovered all sorts of devices we didn't have documented on our infrastructure map, from our Avocent DSR 2161 KVM (keyboard, video and mouse) switch to another hardware device being tested in the network (Trusted Network Technology Inc.'s Identity 2.0, which will be reviewed in an upcoming issue). Insightix DID Collector's correct identification of these devices, along with its accurate assessment of the operating system, made it easy for us to force a discovery of these devices by other management tools we use to monitor our test network.
In fact, Insightix DID Collector will likely be as beneficial to network and systems operations as it is to the security department. In our tests, the software showed an uncanny ability to find unauthorized network access points, one of the most common scourges of networks.
We tested Insightix DID Collector using one passive-monitoring NIC. The product can monitor additional physical connections as long as the total traffic of all monitored networks does not exceed 1GB per second.