Executive Summary

By Cameron Sturdevant  |  Posted 2002-12-02

Executive Summary: NetForensics 3.0

Usability: Good
Capability: Excellent
Performance: Good
Interoperability: Good
Manageability: Good
Scalability: Fair
Security: Good

NetForensics 3.0, an event correlation and analysis tool for security devices, accepts messages and log files from an array of intrusion detection, firewall and anti-virus systems, then uses rules to process the information into useful run-time and historical reports. It needs tweaking to get the best results, but our tests showed that the effort will likely be rewarded with significantly improved security operations, without adding staff.

Cost Analysis

Most of the significant costs of NetForensics 3.0 are upfront. After getting the product installed and properly tuned, maintenance costs should drop significantly, rising only if the organization is subject to frequently changing attacks. Even then, a skilled NetForensics operator should be able to quickly write new rules that take on the new threats with far less overhead than dealing with threats on a platform-by-platform basis.

(+) Effective correlation of large volumes of security data; concise reports show current and past security status; should enable security staff to monitor and manage an increasing number of firewalls, IDSes and anti-virus systems.

(-) Lacks support for some smaller-name security products; initial configuration is an involved process.

Evaluation Short List
  • GuardedNet's NeuSecure
  • e-Security's e-Security Management System
  • www.netforensics.com

Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.
