Executive Summary: NetForensics 3.0
NetForensics 3.0, an event correlation and analysis tool for security devices, accepts messages and log files from an array of intrusion detection, firewall and anti-virus systems, then uses rules to process the information into useful run-time and historical reports. It needs tweaking to get the best results, but our tests showed that the effort will likely be rewarded with significantly improved security operations, without adding staff.
Most of the significant costs of NetForensics 3.0 are upfront. After getting the product installed and properly tuned, maintenance costs should drop significantly, rising only if the organization is subject to frequently changing attacks. Even then, a skilled NetForensics operator should be able to quickly write new rules that take on the new threats with far less overhead than dealing with threats on a platform-by-platform basis.
(+) Effective correlation of large volumes of security data; concise reports show current and past security status; should enable security staff to monitor and manage an increasing number of firewalls, IDSes and anti-virus systems.
(-) Lacks support for some smaller-name security products; initial configuration is an involved process.
Evaluation Short List: GuardedNet's NeuSecure; e-Security's e-Security Management System
www.netforensics.com