LS Series Logs Better Security

3-piece suite monitors all events.

The Network Intelligence Engine LogSmart Series is a high-performance, scalable, easy-to-deploy security event management package thats well-suited for large enterprises that need to collect and analyze data from multiple sites.

In tests, Network Intelligence Corp.s three-appliance suite collected and stored complete security event data logs created by security and networking devices, and its powerful analysis and reporting tools enabled us to pinpoint network problems.

Only large enterprises and service providers will likely be able to justify the cost of a distributed LS Series deployment—the appliance cluster is priced from $160,000 to more than $380,000 depending on hardware configurations and rate of data collection (measured in events per second).

Software-based security event management systems, such as NetForensics Inc.s NetForensics 3.0, list for much less, but the LS Series clusters management and maintenance costs are lower after deployment.

The LS Series, which shipped in March, includes the Local and Remote data collection appliances (which differ in performance and number of supported devices), the A-SRV (A-Server) EnVision data analysis application, and the D-SRV (D-Server) storage database.

Network Intelligences D-SRV LogSmart engine utilizes data compression and a robust object-oriented database store that allows the system to quickly collect complete event log data in its original format. Multiple D-SRV databases can be queried in parallel from separate sites, with each appliance gathering data from Local or Remote collector appliances.

The Network Intelligence package offers robust performance: A single D-SRV appliance can support three Local collectors, and each collector gathers data at up to 30,000 events per second from as many as 3,000 devices. IT managers can deploy multiple A-SRV EnVision appliances to provide Web client access to the data to be monitored and analyzed. In tests, when we used a log event simulator to put the LS Series (a D-SRV, an A-SRV and a Local collector) through its paces, the cluster easily handled the 10,000 events per second we threw at it.

Each LS Series appliance has a compact 2U (3.5-inch) form factor hosting standard Intel Corp. server hardware. The engines in the LS Series are equipped with dual Intel 2.4GHz Xeon processors, redundant power supplies, fans and hot-swap disk drives with RAID 5 support.

The appliances can support 4GB of memory and as much as 1.8 terabytes of data storage and run a hardened version of Windows 2000 Server with Network Intelligences data collection applications, which run as local services.

The EnVision LS modules tools provided comprehensive, granular data analysis that allowed us to generate useful reports from raw data and provided a useful control panel for monitoring system status at a glance.

Technical Analyst Francis Chu can be reached at