Tuesday, January 22, 2008

FBI Requests Spawn Network Forensics Start-Up

Ellen Messmer
www.computerworld.com

January 22, 2008 (Network World) -- Start-up Packet Analytics Corp. on Monday announced a tool for searching aggregated log data to analyze traffic activity between IP-based host computers.

Net/FSE, which stands for Network Forensic Search Engine, is Linux-based server software that provides a Web interface for network managers to easily see an analytical profile of host-to-host activity based on NetFlow router data as well as log information related to the organization's firewall, intrusion-detection systems and security information management. (Learn more about Security Information Management products from our Security Information Management Buyer's Guide.

The Net/FSE tool was developed at Los Alamos National Laboratory by Packet Analysis co-founders Ben Uphoff and Paul Criscuolo, both former technical staff members at the lab.

"If an enterprise already has centralized logging, we can start directly searching that, and we can also act as the data-aggregation point," said Uphoff, vice president of research, about Net/FSE.

The tool was developed at Los Alamos in response to requests from the FBI to provide detail on network activity based on a list of IP addresses related to possible security problems, he added. The tool is restricted to IPv4 traffic and doesn't support IPv6.

Packet Analytics regards Splunk Inc. and LogLogic Inc. as its closest competitors.

Packet Analytics' goal to commercialize Net/FSE is backed with $100,000 in funding from the Los Alamos National Lab Venture Acceleration Fund, plus $50,000 from Flywheel Ventures and another $50,000 from an undisclosed "angel" investor. The start-up said it has one enterprise customer, Los Alamos National Bank, using Net/FSE.

Santa Fe-based Packet Analytics was founded last July and has only two employees. To spur interest in Net/FSE, the company today will make the Net/FSE software available for free download to those using it to analyze up to 1 million events per day with limited support, says Andy Alsop, co-founder and CEO.

For use with up to 3 million events per day, the price for Net/NSF would be $1,495 with $299 for support each year, with prices of up to $18,900 for the tool and $3,790 for support for use analyzing 50 million events per day.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=lan_wan&articleId=9058331&taxonomyId=80&intsrc=kc_top

No comments: