A product that's just a few months old is providing a way of taking the long view in network security.
Niksun Inc. (www.niksun.com) takes a new approach with its NetDetector by building a network traffic analyzer with intrusion-detection system features. The rack-mountable NetDetector's key difference is that it is designed to be purchased with large amounts of disk storage (up to a terabyte is supported), so the product can capture days to weeks of network traffic.
Using this traffic log, NetDetector can look for slow port scans as well as detect traffic anomalies over time. It's only rule-based and doesn't support detection of attacks using packet signatures the way most intrusion-detection systems do.
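Why a long traffic log matters for slow port scans, shown as an added example (not NetDetector's code and not part of the original article): a sliding-window detector run over constructed flow records with a short and a long look-back. The record layout, the addresses, and the 15-port threshold are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_flows():
    """Constructed sample records: (timestamp, src_ip, dst_ip, dst_port)."""
    start = datetime(2000, 1, 1)
    flows = []
    # Slow scanner: one new port on the same host every 6 hours for 10 days.
    for i in range(40):
        flows.append((start + timedelta(hours=6 * i), "192.0.2.10", "10.0.0.5", 1 + i))
    # Normal client: the same web port once an hour over the same 10 days.
    for i in range(240):
        flows.append((start + timedelta(hours=i), "192.0.2.20", "10.0.0.5", 80))
    return sorted(flows)


def detect_scanners(flows, window, min_ports):
    """Return sources that touched at least min_ports distinct ports on one
    destination within any sliding time window of the given length."""
    recent = defaultdict(deque)  # (src, dst) -> (ts, port) pairs still in window
    flagged = set()
    for ts, src, dst, port in flows:
        q = recent[(src, dst)]
        q.append((ts, port))
        # Forget probes older than the look-back; a short retention period
        # has the same effect whether or not the detector wants it.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) >= min_ports:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    flows = constructed_flows()
    # With one hour of history the scanner never has more than one probe in view.
    print("1-hour window:", detect_scanners(flows, timedelta(hours=1), 15))
    # With two weeks of history the same probes add up to an obvious sweep.
    print("14-day window:", detect_scanners(flows, timedelta(days=14), 15))
```

The same rule and threshold are used in both runs; only the amount of retained traffic changes.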
NetDetector can also be used as a forensics tool, displaying actual bytes transmitted by and sent to a remote system (see screen). An archived copy of network traffic can be invaluable if a cracker succeeds in wiping out server logs or if servers aren't configured to track user activity.