NetForensics Gets a Face-Lift

Latest version of netForensics' namesake product features an expanded and more detailed GUI.

In the suddenly hot market for security event management products, Symantec Corp. and Computer Associates International Inc. may be the big kids on the block, but there are a slew of smaller, less well-known challengers that are by no means trembling in the giants' shadows.

One of these companies, netForensics Inc., next week will unveil a new version of its namesake product, which adds a host of new functionality. The most noticeable change is an expanded and more detailed GUI. Company officials acknowledged that past versions of the console didn't have the most useful or attractive user interface, and said they worked hard to address that in the 3.0 release.

"If there was one area where we got a lot of criticism, it was in the GUI," said Niten Ved, co-founder and chief operating officer at netForensics, based in Edison, N.J. "We've taken a more familiar, X Windows-type approach so administrators know what they're looking at."

The console now gives administrators the choice of several different views into their network's security posture, and enables users to bring up graphs of current activity by location, event type or severity.

Like most other products in this category, netForensics places agents at various points around the network to gather data, which they then report back to the main console. However, the company's agents do not reside on the individual security devices, but instead reside in-line on the network.

Before sending their data on to the console, the agents normalize the alerts they collect, winnowing the thousands of unique events down to about 100 different Alarm IDs, as they're called. NetForensics SIM (Security Information Management) Desktop then aggregates and correlates the data before displaying it in the various graphs.