Have you ever wished for the ability to press a rewind button to back up to a specific point in time to review exactly what was happening on your network at that moment? Maybe there was some sort of major drag on performance around 2:15 last Tuesday afternoon, and you need to diagnose precisely what caused it. Or perhaps you suspect an employee of improperly sending proprietary data outside the firewall a month ago, and you need to confirm your suspicions by viewing the exact network traffic that user generated way back then.

If only there was a device like TiVo for your network. Then you could look back and see it all exactly as it happened.

If you can relate to the TiVo analogy, then you understand what Solera Networks offers. Founded by former file system architects from Novell, Solera Networks has developed a range of appliances that do continuous deep packet capture and stream-to-storage for 100% of your network traffic. Unlike TiVo though, you don’t need to preprogram what to “record”; you simply record it all. Then, if necessary, you can “play back” the traffic of interest to you to conduct your analysis.

This capability is an attractive proposition for enterprise organizations as well as government agencies, and it has a range of uses, including network security, network management, lawful intercept, and forensics/analytics. Consider the possibilities:

* Collecting vast amounts of network information over a long period of time allows you to benchmark your network performance. Then, if performance suddenly takes a hit, you can view a specific window of time and see what is happening that could be causing the performance issues. This takes the guesswork out of problem diagnosis and gives you a shorter time to resolution.

* Virtually every network is vulnerable in some way to viruses and other malware. You might not be able to see immediate outward signs of an infection, but you can view the history of your network traffic during windows of vulnerability (i.e., before an exploit is closed) to trace the origins of malware.

* You can enhance your intrusion detection system by using a Solera appliance to load-balance and segment the analysis of the packets.

* If a network intrusion does take place, you have the historical data to determine when and where the intruder entered, how security was bypassed, where they've been, and what they've done.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.