NetWitness monitoring tool spots security violations

NextGen data-capture and analysis tool looks for security threats and policy violations.


Start-up NetWitness Corp. Monday announced a security product called NetWitness NextGen that monitors, records and analyzes traffic inside the corporate network to spot security threats and policy violations.

“We’re looking at it from an application and user-level perspective,” says Amit Yoran, NetWitness chairman and chief executive. “It’s based on what you want to be notified about—for instance, failed log-in attempts, or someone at some address switches to the administrator’s account, gets a document and sends it to a printer—any series of events that raises questions.”

Yoran, formerly National Cyber Security Director in the U.S. government’s Dept. of Homeland Security, founded Herndon, Va.-based NetWitness last November with the company’s president Nicholas Lantuh, formerly vice president at ManTech International.

ManTech had acquired an earlier version of NetWitness called Analytics with its purchase of CTX Corp., which had first developed the network-security analysis tool primarily for national-intelligence agencies.

With about $7.5 million in private funding, Yoran and Lantuh bought out the NetWitness product assets and founded the company, which now has 30 employees, to further develop it for more general use. NetWitness can be seen as competing against firms such as Niksun, which provide security traffic analysis tools, and data-leakage prevention firms such as Vontu or PortAuthority (which was acquired by Websense).

NetWitness NextGen is considered the eighth version of NetWitness. It includes server-based components called Decoder and Concentrator, which passively record up to 180 terabytes of traffic and may also be used with a storage area network to boost storage capacity.

A tool called NetWitness Informer provides alerts and reports and can analyze traffic according to the Payment Card Industry data standards and the federal government’s Federal Information Security Management Act (FISMA) program.

NetWitness Investigator, a network-analytics workstation, connects to Decoder and Concentrator to search terabytes of captured traffic data and provide forensics and threat analysis through a visual display.

As a whole, NetWitness NextGen is “a monitoring technology that records network traffic and extracts out metadata related to factors such as IP address, ports and more to reconstruct it to look at the user IDs, applications, and content,” says Yoran. “It can see if personal or private information is flowing over the network in unencrypted form in violation of policy. We’re looking at what users are doing, how applications are performing, and whether this is in line with the security policy.”

NetWitness NextGen, which also includes a software development kit to integrate with security information management products, starts at $40,000 and is available today.
