
    InfiniStream Takes Closer Look at Nets

    By Cameron Sturdevant - April 14, 2003

      Network Associates Technology Inc. has issued a controlled release of InfiniStream, a Carnivore-like sniffer on steroids that will significantly up the ante for forensic network analyzers when it enters general release.

      During eWeek Labs' exclusive test of the latest version, slated for general release in the next quarter, we were impressed with the huge capture storage capacity—a bit more than 2.5 terabytes in RAID 5 configuration. Equally remarkable was the full-line data rate, which we attained using a Gigabit Ethernet link from a mirror port off a Summit 48 switch from Extreme Networks Inc.

      Security managers charged with investigating high-value network incidents will likely get quite a bit of use out of the product. Aside from the high capture rate and large storage capacity—capabilities that Network Associates gained in its August 2002 acquisition of Traxess Inc.—new replay and analysis features make InfiniStream a tempting tool.

      The product is still far from complete, however, which is why Network Associates is keeping the product in limited release.

      Our tests showed that the single-Xeon-processor InfiniStream still has some kinks to work out when it comes to processing the tremendous amount of data it captures. In one test scenario, we used the product to search for specific communication between two IP addresses. We systematically shrank the time window of our search because the data mining process ate up huge chunks of time—on the order of 2 minutes to 10 minutes per search.

      InfiniStream costs $70,000 for the hardware and data mining console software. A five-license, data reconstruction module (see screen) is also available for $15,000. Annual support contracts start at $4,500 per site and can be enhanced to provide next-day, on-site technician support.

      Sandstorm's NetIntercept

      Competitor Sandstorm Enterprises Inc.'s NetIntercept processes data offline so that searches can be accomplished quickly. NetIntercept, which costs $29,500 in a dual-processor, 770GB configuration, can automate common tasks, including data analysis that results in reports; storing suspect data for more detailed analysis; and even deleting data, once it has been analyzed, to free disk space. These are all important features, and Network Associates should consider adding offline data analysis capabilities in a future edition of its product.

      We were impressed with the large capacity and high capture rate that we saw during tests. The sky-high storage capacity means that with a 5 percent utilization rate on a Gigabit link, the InfiniStream device would be able to store nearly two and a half days' worth of traffic. The device overwrites data using a first-in, first-out rule, which we think makes sense for most users.

      Network Associates is open to developing higher-capacity storage devices for customers who want to keep more data available for analysis, company officials said.

      The product was easy to install and use in tests; IT departments will have little trouble adding the device to the network.

      Based on our work with InfiniStream, we'd be surprised if it took more than a couple of people working part time to become expert users. Part of the reason for the simplicity of use is that Network Associates is encouraging users to tap its Sniffer analysis tools (sold separately) to do in-depth analysis. This shouldn't be a burden because Sniffer tools are already widely used in large enterprises, and IT managers are likely to have several Sniffer experts already on staff.

      The data mining and analysis tools included in the version we tested were more than adequate for our rigorous search needs.

      Because InfiniStream captures all network packets, we could effectively play back every HTTP session and “watch” where we went on the Web. Any instant message session that used the Internet Relay Chat protocol was also caught, and we could play back these messages. We could also play back telephone conversations that used Cisco Systems Inc.'s Skinny protocol.

      All this power means that IT managers should be familiar with workplace rules and legislation governing monitoring. It almost goes without saying that employees should be told that their work is monitored and recorded. Notification laws come into play when monitoring voice-over-IP conversations, and IT managers should be fully aware of these requirements when using InfiniStream.

      It's likely worthwhile to spend some time with the corporate counsel and human resources to ensure that proper notification and use policies are in place.

      Of graver operational concern should be the physical and logical security of the InfiniStream device. Our tests showed that the product, if stringent physical security is enforced, is adequately protected from hacking. But because it stores every packet, InfiniStream could become a juicy target for hackers, and IT managers should ensure that they carefully monitor activity on the box.

      Physical security is a must because the box has several accessible network and Universal Serial Bus ports.

      Senior Analyst Cameron Sturdevant can be contacted at [email protected]

      Cameron Sturdevant
      Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at [email protected]
