ProtectWise: Product Overview and Analysis

PRODUCT ANALYSIS: The ProtectWise Grid is a cloud-delivered network detection and response (NDR) platform that unifies network detection, full-packet forensics and integrated response in an on-demand platform for any environment—enterprise, cloud or industrial.


Company Name: ProtectWise, Inc.

Company description: ProtectWise provides cloud-delivered network detection and response (NDR). Organizations can achieve defense in depth via advanced analytics in enterprise, cloud and industrial environments with real-time and retrospective detections. Full-fidelity packet captures, indexed and retained indefinitely, create a perfect, rapidly searchable network memory. By unifying detections and forensics in an intuitive and immersive visualizer, the ProtectWise Grid delivers advantages over current security products. The platform integrates with hundreds of existing security products, features the ease and cost-savings of an on-demand deployment model and enables companies to consolidate multiple, disconnected point products.

Founded in April 2013, privately held ProtectWise is based in Denver and led by a team of security and SaaS industry veterans from McAfee, CrowdStrike and Symantec.

Markets: Media and entertainment, financial services, technology, health care/medical, energy, education, government, law, travel, real estate.

International Operations: Global channel partner programs and customers in EMEA, APAC and Japan.

Product and Services

The ProtectWise Grid is a cloud-delivered network detection and response (NDR) platform that unifies network detection, full-packet forensics and integrated response in an on-demand platform for any environment — enterprise, cloud or industrial.

Key Features

Network Detections In Depth: Unified view of threat detections across enterprise, cloud and industrial environments.

Advanced Forensics: Rapid search and threat hunting of full packet and metadata.

Integrated Response: Public APIs enable integrations with endpoint, firewall, proxy, SIEM (security information and event management), intelligence and other security products for remediation with policy-based enforcement and workflows. Incident response with alert visualization, triage and correlation.

Rapid Deployment Model: Cloud-delivered security enabled by sensors that can be deployed anywhere on the network in minutes.

Insight and Analysis

Our go-to peer-review sites, Gartner Peer Reviews, G2 Crowd and IT Central Station, had no reviews of ProtectWise. However, 451 Research had the following to say about the company in a recent report:

“The idea of a network digital video recorder (DVR) isn't new, nor is the concept of capturing traffic (think of Marcus Ranum's Network Flight Recorder in the 1990s). But the explosion of network-connected systems and devices, along with all the traffic they generate, has continued to challenge attempts to get a whole view of the cyber-battlefield. ProtectWise has developed methods for compressing, optimizing and replaying the traffic that it collects in its network sensors, sending it all to its Amazon-based cloud infrastructure for storage, analysis and, perhaps most importantly, retrospection.

“ProtectWise's Wisdom Engine does the analysis of all this network traffic data. It performs what the company refers to as 'network shattering': dissecting netflow using deep-packet inspection on more than 6,000 types of protocols and applications. Using proprietary research and cross-customer event correlation, as well as third-party threat-intelligence feeds, the engine identifies and classifies threat events; whenever new ones are discovered, it automatically triggers retrospection over the complete historical data store to find any evidence of previous activity.

“ProtectWise's virtualized sensors can be deployed anyplace in the network where the customer wants to get an unfettered look at what's happening; the company doesn't charge by the sensor or limit the numbers. Instead, it charges by the amount of post-optimization data ingested (using the same model that Splunk does) and the storage retention period, which can be 1-12 months or longer. It offers both streaming and RESTful APIs, and the company says that Netflix has integrated the product into its Fully Integrated Defense Operations (FIDO) system.”

“ProtectWise may have everything under the hood that its competitors have (or more) in the way of intelligence, collection capabilities and analytics, but given the marketing-buzzword war out there, it will be hard to get the attention of CISOs long enough to have them examine those portions of the offering. What it does have, however, is an extremely attractive cover by which its book can be judged. We think the UI on its own could be the wedge to get into opportunities where customers might earlier have made do with limited dashboard and control capabilities.”


Enterprise Strategy Group (ESG) reports the following:

“The ProtectWise Cloud Network DVR was built from the ground up by a team of software-as-a-service (SaaS) security industry veterans. Trust, security and privacy controls are core components of the architecture, the application and the day-to-day operations of ProtectWise. The ProtectWise Wisdom Engine provides continuous, correlated real-time threat detection combined with the ability to go back in time to uncover previously unknown threats by correlating Cloud Network DVR data against proprietary research algorithms, commercial threat intelligence feeds, advanced network intelligence, and advanced traffic analysis. Emerging threat intelligence automatically triggers retrospective analysis of network data for continuous discovery of old but unknown indicators of compromise. ProtectWise Visualizer offers advanced threat visualization—at-a-glance, real-time situational analysis, alarm management, and a deeper forensics workbench with kill-chain charting, network connection graphs, event timelines and more. Forensic capabilities manage policies for sensors, replay traffic and users, and create alert notifications.”


Finally, Ovum Research reports the following:

“ProtectWise delivers a cloud-based service for collecting and storing network event data to enable analysis and the detection of anomalous behavior. It stores the data in a compressed, optimized form, so that it can offer a resource for unlimited retrospective as well as real-time analysis.

Key messages:

  • ProtectWise deploys sensors to collect network data, compress, optimize, and stream it to the company’s cloud back end.
  • It is subjected to real-time analysis for threat detection and response.
  • The data is also stored for as long as the customer requires so that it can be available for retrospective analysis as additional threat data evolves.
  • The company has also launched The Immersive Grid, a visualization capability, enabling security analysts to identify the most critical threats at a glance.

Ovum view: “Large enterprises with huge, complex infrastructures need both real-time network detection and response, as well as the ability to go back to historical network data to analyze it in the light of emerging threat information. This stands ProtectWise in good stead to grow its customer base in this segment.”


List of current customers: Netflix, Pandora, Motorola Mobility, Ten-X, Maxim Integrated

Delivery: Software as a service via cloud

Pricing: Pricing is tiered and based on the amount of network traffic ingested and the length of time network data is retained for retrospection (1 month, 3 months, 6 months or 1 year).

Other key players in this market: RSA NetWitness, Cisco Sourcefire, TippingPoint, Blue Coat Solera, McAfee IDPS

Contact information for potential customers: 1-855-369-7399

Chris Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...