Neal Weinberg
Contributing writer, Foundry

Network Intelligence

Feb 03, 2004 | 2 mins

* The Reviewmeister tests out the security information management tool Network Intelligence

Okay, you’ve got your firewalls, your IDS, your anti-virus, and whatever other security tools you’re using. And they’re all spitting out huge amounts of data. So how are you supposed to make time to plow through all those logs?

Well, that’s why vendors came up with security information management (SIM) tools, and that’s why we’re testing them.

This week, we’re checking out Network Intelligence.

The products we tested all handle SIM differently. One major difference is how they are sold. Network Intelligence is the only product sold as an appliance with hardware and software included. That makes it easy to set up and use.

In terms of the cost model, Network Intelligence is licensed by events per second (EPS).

Network Intelligence sent an installation team to our lab to configure the device for our lab environment. The team set everything up so that alerts and events were sent to the Network Intelligence system from three initial devices in our test bed – a NetScreen Technologies firewall, a Cisco VPN Concentrator and a Cisco Catalyst switch – all of which logged directly to syslog.

The Network Intelligence install was quick, lasting just two hours for initial setup, device configuration and a quick tutorial. The installation times directly correlate with the complexity of the product. Network Intelligence is the cleanest product when it comes to setup and adding new devices to monitor, but it is also the least flexible.

We included a NetScreen firewall running an older version of its operating system in our test bed. Network Intelligence could not evaluate events from this firewall because the product supported only newer versions of the operating system.

Each product gathers data differently, and we were constantly reconfiguring our test bed just to log to a specific product. For example, most products supported the general syslog format of the VPN Concentrator, but Network Intelligence only supported the Cisco IOS logging format.

Overall, Network Intelligence provides the best setup for new devices, but you are limited to the products they support. Because security analysts will spend many hours a day looking at the SIM interface, the GUI should be intuitive, easy to use and helpful. Again, Network Intelligence provides the most intuitive, easy-to-use interface, but it is not as flexible as some of the other products.

For the full report, go to