SlideShare a Scribd company logo

NetWitness Decoder: Network Traffic Analysis

Aegify Inc.
Aegify Inc.

NetWitness Decoder is a real-time network recording appliance that collects and analyzes full network traffic. It fully reassembles traffic at every layer to enable full session analysis. Decoder creates a foundation of network knowledge that can be mined by NetWitness applications. NetWitness also introduced NextGen Eagle, a portable version of Decoder. NetWitness products like Informer provide reporting, charting and alerting based on the network knowledge captured by Decoder. Investigator is an interactive threat analysis application that allows analysis of network sessions in real-time to investigate threats.

Technology
1 of 9
Download to read offline
NetWitness Decoder How do you know what really happened on your network if you don’t have a Page | 1 record of it? Can you prove definitively what communications did or did not occur on your network? Do you want to have a higher level of assurance regarding actual specific activities on your network? NetWitness® Decoder is the cornerstone of the NetWitness NextGen™ infrastructure and the key component of an enterprise-wide network data recording solution. Decoder is a real- time, distributed, highly configurable network recording appliance that enables users to collect, filter, and analyze full network traffic in an infinite number of dimensions. Unlike every other network recording or monitoring products on the market, Decoder fully reassembles and globally normalizes traffic at every layer for full session analysis. The patented Decoder represents a breakthrough in network traffic monitoring that dynamically builds a complete taxonomy of data across all layers and applications, including full packets. Decoder creates a definitive foundation of Total Network Knowledge™ that can be mined in real-time by the NetWitness® Investigator Enterprise and Informer applications. NetWitness Decoder now also includes NetWitness® Live, which provides you with access to multi-source threat intelligence. For more advanced applications, users can leverage NextGen’s available API/SDK to build more organizational-specific applications which utilize Decoder and the NextGen infrastructure. Decoder represents the intersection of network metrics, rich application flow and content information that differentiates NetWitness® products from any other capabilities on the market. Now Available in a Portable Version! NetWitness has now introduced NetWitness® NextGen Eagle, a portable and compact version of the NetWitness® Decoder. NextGen Eagle broadens NetWitness’ capabilities from fixed network infrastructure devices to include a compact, mobile monitoring system to support law enforcement, incident responders, auditors, intelligence, and consulting staff for field-duty scenarios. Unlike other portable vendor offerings, NextGen Eagle also supports WiFi monitoring with an exceptional depth of analysis. Product Features:  Supports 10G infrastructures  Supports NetWitness® Live  Linux-based, highly configurable, full packet capture and reassembly device  Modular and fully upgradeable hardware platform across entire product line  Indefinitely scales your collection infrastructure upon a distributed, highly manageable, real-time framework TM SecureGRC
 FlexParse™ enabled for rapid, user definable parsing and modelling  Supports threat intelligence feeds that track BOTs, designer malware, darknets, proxies and fast flux networks, etc.  Protocol and application exploitation: HTTP, FTP, TFTP, TELNET, SMTP, POP3, NNTP, DNS, HTTPS, SSL, SOCKS, SSH, Vcard, PGP, SMIME, DHCP, NETBIOS, SMB/CIFS, SNMP, NFS, RIP, MSRPC, Lotus Notes®, TDS(MSSQL), TNS(Oracle®), IRC, Lotus Sametime®, MSN IM, RTP, Gnutella, Yahoo Messenger, AIM, Page | 2 SIP, H.323, Net2Phone®,Yahoo Chat, SCCP (Cisco® Skinny), BitTorrent, GTALK, Hotmail, Yahoo Mail, GMail, TOR, Social Networking, Fast Flux and many others.  Expandable SAS storage capacity & supports SAN solutions  Available API/SDK for custom application development  Supports NetWitness Identity for correlating users to network traffic  Supports RSA SecurID and LDAP authentication Deployment: Place NetWitness® Decoder(s) wherever you want to capture traffic: egress, core, facility, or segment. They can be operated continuously or tactically and ingest any network capture feed from any source. Decoders are designed to interoperate with Investigator Enterprise and Informer, as well as push data to central NetWitness® Concentrators for aggregated analytical views. NetWitness® Appliance Models: Form SKU Interface Storage Power Weight Factor NWA 100-8D One copper Ethernet 2TB Total Storage 1 RU Single 25 lbs 100/1000 for Not redundant x 14" (D) 260 (W) management x 1.75" (H) 120/240V One copper 100/1000 x 16.8" Ethernet capture (W) interface NWA 1200-16D Four 100/1000 12TB Total 2 RU Dual Redundant 66lbs Ethernet Storage x 27.75" 850 (W) copper capture Redundant with (D) 120/240V auto interfaces, hotswap x 3.44" (H) switch Or two 1000 Ethernet x 17.6" fiber interfaces, (W) Or two 10G XFP interfaces NWP 50-16D One copper Ethernet 3TB Total Storage Briefcase Single 16 lbs 100/1000 for Redundant x 5.75" (D) 520 (W) management x 11.5" (H) 120/240V One copper Ethernet x 16.8" 100/1000 for capture (W) One WiFi interface for capture TM SecureGRC
*All appliances are UL, FCC, CE and VCCI approved & RoHS Compliant Concentrator and Broker  As an enterprise, can you track malicious and anomalous activity and trends across all network assets? Page | 3  Are there relationships between unexplained network activities across your organization? How can you build global reports regarding the effectiveness of your security controls? NetWitness® Concentrator and Broker are high performance Linux-based network appliances that extend the reach of NetWitness NextGen™ across your entire enterprise, and facilitate real-time and historical reporting and alerting. For the first time, comprehensive network and application layer detail can be aggregated and analyzed across multiple capture locations and made available to NextGen’s analytic applications, Informer and Investigator. NetWitness Concentrators aggregate clusters of NetWitness® Decoders in real-time, and NetWitness Broker provides a real-time, single, hierarchical enterprise view across your entire network. NetWitness® Live, fully integrated in the NetWitness infrastructure, provides users full content analysis of network threat intelligence from multiple, globally-distributed threat intelligence sources. NetWitness Concentrator is designed to aggregate data hierarchically for ultimate scalability and deployment flexibility across various organization-specific network topologies and infrastructures. As a result, Concentrators can be tiered in deployments to give visibility into multiple capture locations. NetWitness Broker also is designed to operate hierarchically; however, its function is to broker queries across an entire enterprise deployment. Broker provides a single point of access to NextGen data and is designed to operate and scale in any network environment, independent of network latency, throughput, or data volume. Concentrator and Broker are fully compatible with all NetWitness analytical products. For more advanced applications, users can leverage NextGen’s available API/SDK to build organizational-specific applications which utilize the NetWitness NextGen™ infrastructure. Product Features:  Supports 10G infrastructures  Supports NetWitness® Live  64-bit Linux-based, modular and fully upgradeable hardware platform across the entire product line  Easily aggregate multiple NetWitness® Decoder collection systems  Deploy a single enterprise analysis point with Broker  Manage and configure appliances from a single point TM SecureGRC
 Indefinitely scale your collection infrastructure upon distributed, highly manageable, real-time framework  Expandable SAS storage capacity & supports SAN solutions  Available API/SDK for custom application development  Supports RSA SecurID and LDAP authentication Page | 4 NetWitness® Appliance Models: Product SKU Interface Storage Rack Unit Power Weight Broker NWA 100-8b Two copper 2TB Total 1 U x 16.8" (W) 260 W, 25 lbs Ethernet Storage. x 14" (D) stand alone 100/1000 Redundant x 1.75" (H) 120/240V auto switch Concentrator NWA 400-16c Two copper 4TB Total 1 U x 17.2" (D) 560 W, 38lbs Ethernet Storage. x 25.6" (H) stand alone 100/1000 Not x 1.7" (W) 120/240V Redundant auto switch Concentrator NWA 1200-32c * Two copper 12TB Total 2 U x 17.6" (D) 850 W, 66lbs Ethernet Storage. x 27.75" (H) Dual 100/1000 Redundant x 3.44" (W) Redundant Or two fiber with hotswap. 120/240V Ethernet auto switch 1000 All appliances are UL, FCC, and CE approved & RoHS Compliant. *Also VCCI approved. Informer  Is your network communicating with Botnets?  Is sensitive data leaking from your network?  Does your organization have insiders whose activities are illegal or competitive?  Are you monitoring operational regulatory compliance? TM SecureGRC
Page | 5 NetWitness® Informer is the enterprise reporting, live charting and alerting application of the NetWitness NextGen™ product suite. Informer leverages the power and Total Network Knowledge inherent in the NextGen data capture and session reconstruction infrastructure, and the analytics of NetWitness Investigator Enterprise to provide detailed reporting, charting and alerting on network performance, insider threats, data leakage, compliance monitoring, I/T asset misuse, hacker activities, and a host of other threats. NetWitness® Informer is a revolutionary new approach to network reporting and alerting. Informer goes beyond traditional network reporting and alerting products on the market because it does not simply rely upon log files, netflow, or other limited data sets to generate reports. Informer uses the comprehensive network traffic that is captured and reconstructed by the NextGen infrastructure to provide a real-time glimpse into incidents, threats, anomalies, misconfigurations, compliance violations, and other malicious or benign activities on your network. Informer is a fully interactive, intuitive web-based report engine with design features that enable users of any level to create the perfect report without sophisticated programming or outside help. In addition, every report result is backed up with hard evidence, with one click into NetWitness Investigator Enterprise. And by integrating NetWitness Investigator Enterprise with NetWitness® Live, you also have access to multi-source threat intelligence. Every network reporting product on the market today uses log files or complex network layer or flow information as its data source. Not only does NetWitness® Informer provide the type of insight provides by these products, but it also goes above and beyond to allow access to unprecedented details into network applications and application layer content. This efficiency allows users to replace dozens of reports from existing technologies, with a single Informer report. And it is this intersection of network metrics, rich application flow and content information that differentiates NetWitness® NextGen from any other capability on the market. Deployment: Connect NetWitness® Informer to any NetWitness® Decoder or NetWitness® Concentrator for reporting against that infrastructure TM SecureGRC
Product Features:  Supports NetWitness® Live  Hundreds of predefined report rules, categories and templates  Flexible, WYSIWYG drag-and-drop report builder & scheduling engine  Fully customizable, XML-based rules and report library for infinite report and alert combinations Page | 6  Live-charting for real-time dashboard of activity  Full role-based access controls  HTML and PDF report formats included  Supports CEF, SNMP, SysLog, SMTP data push  Offered as Windows® server software –or- integrated appliance for total flexibility Report Examples:  Security - profile and alert on zero-day, Botnet, DYN, DNS and intrusion activity with complete content  Compliance - audit network-based components of policies and regulations such as FISMA, HIPPA, ISO 1779, SOXGLB, and PCI standards  IT Operations - report and chart across application and network layer metrics  Business Intelligence - profile sensitive data flow in real-time with total access to all events and content surrounding suspect activity  Insider Threat - monitor and profile computer, user, and resource activity across every application and device  Legal – support e-Discovery, criminal investigations, or liability audits through network entity profiling and analysis Screenshots: NetWitness Informer features a fully customizable graphical user interface. Alerts can be viewed in real-time and multiple alerts and charts can be tiled into a customized view. Download NetWitness Investigator Free! Read More» Minimum system requirements: NetWitness recommends the following minimum hardware requirements for NetWitness Informer software.  Windows® 2003 Server or Vista  Microsoft IIS 5.0+  2GB RAM  1 Ethernet Port  Internet Explorer v7 (also supports Firefox, Chrome and Safari browsers )  .NET 2.0 with AJAX.NET Extensions TM SecureGRC
NetWitness® Informer Appliance: SKU Interface Storage Rack Unit Power Weight NWA 100-4i Two copper Ethernet 2TB Total Storage. 1 RU Single 25 lbs 100/1000 Redundant x 16.98" (W) 260 W, x 14" (D) 120/240V Page | 7 x 1.75" (H) *All appliances are UL, FCC, CE and VCCI approved & RoHS Compliant Investigator  How do you resolve alerts from your IDS or SIM that you do not understand?  Can you quickly understand the scope and impact of malicious activity on your network?  How can you investigate who is leaking information to your competitors or the press? NetWitness® Investigator is the award-winning interactive threat analysis application of the NetWitness NextGen product suite. Investigator provides security operations staff, auditors, and fraud and forensics investigators the power to perform unprecedented free-form contextual analysis of raw network data captured and reconstructed by the NetWitness NextGen infrastructure. Developed originally for the U.S. Intelligence Community, and now used extensively by Law Enforcement, Defense, and other public and private organizations, Investigator is based upon 10 years of development and deployment in some of the most demanding and complex threat environments. With its groundbreaking user interface and unprecedented analytics, Investigator lets you see your network traffic in a new way. Unlike packet analysis products which display network traffic in the context of confusing network nomenclature, Investigator uses a lexicon of nouns, verbs and adjectives – characteristics of the actual application and logic layer protocols parsed by NextGen during session reconstruction. TM SecureGRC
Both novice and expert users can use Investigator to pivot terabytes of network traffic easily to dive deeply into the context and content of network sessions in real-time -- making threat analysis that once took days, take only minutes. It is this intersection of network metrics, rich application flow, and content information that differentiates NetWitness® products from any other capability on the market today. In addition to the rich data Investigator receives from the NextGen infrastructure of NetWitness Decoders and Concentrators, Investigator Enterprise can locally capture live traffic and process packet files from Page | 8 virtually any existing network collection device for quick and easy analysis. And by integrating NetWitness Investigator Enterprise with NetWitness® Live, you also have access to multi-source threat intelligence. Product Features:  Supports NetWitness® Live  SSL Decryption (with server certificate)  Interactive time charts, and summary view  Interactive packet view and decode  Hash Pcap on Export  Enhanced content views o Real-time, Patented Layer 7 Analytics o Effectively analyze data starting from application layer entities like users, email, address, files , and actions. o Infinite, free-form analysis paths o Content starting points o Patented port agnostic service identification  Extensive network and application layer filtering (e.g. MAC, IP, User, Keywords, Etc.)  IPv6 support  Captures live from any wired or wireless interface  Full content search, with Regex support  Exports data in .pcap format  Imports packets from any open-source, home-grown and commercial packet capture system(e.g. .pcap file import)  Bookmarking & History Tracking  Integrated GeoIP for resolving IP addresses to city/county, supporting Google Earth visualization  Customizable right-click functionality  Supports WLAN 802.11 Microsoft, Linux and Mac OS radio devices as well as various header formats including CACE’s per packet information  Supports RSA SecurID and LDAP authentication TM SecureGRC
Choose your Edition: No matter what your IT problem, existing infrastructure, or technology preference—there's an edition of NetWitness® Investigator that's right for you. Use the descriptions below to help you choose your edition. Investigator With Investigator you are provided with a full featured, stand-alone product capable of local live capture and Page | 9 local packet file importing. Ideal for tactical and point analysis of network traffic. Supports 25 simultaneous 1GB captures - far exceeding data manipulation capabilities of packet tools like Wireshark Investigator Enterprise Licensed to customers with a NetWitness NextGen™ infrastructure, Investigator Enterprise is ideal for enterprise users that require remote analytical access to NetWitness NextGen™ Linux-based appliances. Deployment: NetWitness Investigator is licensed per computer host, and can be used to locally process packet files, collect live from a network tap or span port with insight into network traffic of your choice. In addition, Investigator is fully integrated with all NetWitness NextGen™ products. Screenshots: NetWitness Investigator’s industry leading interactive user interface provides the threat analyst the ability to drill into multiple dimensions of terabytes captured traffic across all network layers. View complete information about any network sessions by drilling into fully reconstructed content and visualize your network traffic geographically via Google Earth. Minimum system requirements: NetWitness recommends the following minimum hardware requirements for NetWitness Investigator:  Windows® 2003 Server or Vista 32-bit  Single 2Ghz Intel-based processor (Dual-core recommended)  1GB RAM (2GB Recommended)  1 Ethernet Port  Internet Explorer v7+ (IE v6 may limit some functionality)  Ample data storage to process and collect To buy NetWitness or to find out how to integrate NextGen with enterprise SecureGRC TM integrated IT-GRC and security framework click here TM SecureGRC

Recommended

Hacking QNX
Hacking QNXHacking QNX
Hacking QNXricardomcm
 
Qnx os
Qnx osQnx os
Qnx osStudent
 
Стратегия Juniper в контексте Web 2.0
Стратегия Juniper в контексте Web 2.0Стратегия Juniper в контексте Web 2.0
Стратегия Juniper в контексте Web 2.0TERMILAB. Интернет - лаборатория
 
Review of QNX
Review of QNXReview of QNX
Review of QNXRobert-Emmanuel Mayssat
 
QNX Software Systems
QNX Software SystemsQNX Software Systems
QNX Software SystemsRobert-Emmanuel Mayssat
 
Cisco MDS 9148 Multilayer Fabric Switch
Cisco MDS 9148 Multilayer Fabric SwitchCisco MDS 9148 Multilayer Fabric Switch
Cisco MDS 9148 Multilayer Fabric SwitchSuministros Obras y Sistemas
 
QNX Sales Engineering Presentation
QNX Sales Engineering PresentationQNX Sales Engineering Presentation
QNX Sales Engineering PresentationRobert-Emmanuel Mayssat
 
QNX OS
QNX OSQNX OS
QNX OSGuevarra Institute of Technology
 

Recommended

Hacking QNX
Hacking QNXHacking QNX
Hacking QNXricardomcm
 
Qnx os
Qnx osQnx os
Qnx osStudent
 
Стратегия Juniper в контексте Web 2.0
Стратегия Juniper в контексте Web 2.0Стратегия Juniper в контексте Web 2.0
Стратегия Juniper в контексте Web 2.0TERMILAB. Интернет - лаборатория
 
Review of QNX
Review of QNXReview of QNX
Review of QNXRobert-Emmanuel Mayssat
 
QNX Software Systems
QNX Software SystemsQNX Software Systems
QNX Software SystemsRobert-Emmanuel Mayssat
 
Cisco MDS 9148 Multilayer Fabric Switch
Cisco MDS 9148 Multilayer Fabric SwitchCisco MDS 9148 Multilayer Fabric Switch
Cisco MDS 9148 Multilayer Fabric SwitchSuministros Obras y Sistemas
 
QNX Sales Engineering Presentation
QNX Sales Engineering PresentationQNX Sales Engineering Presentation
QNX Sales Engineering PresentationRobert-Emmanuel Mayssat
 
QNX OS
QNX OSQNX OS
QNX OSGuevarra Institute of Technology
 
SecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHSecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHAegify Inc.
 
Cheatr
CheatrCheatr
CheatrMichelleFlynn
 
Cisco umi: Driving Awareness through Social Media
Cisco umi: Driving Awareness through Social MediaCisco umi: Driving Awareness through Social Media
Cisco umi: Driving Awareness through Social MediaZoya Morrison
 
Library based learning_ggunes&naydin
Library based learning_ggunes&naydinLibrary based learning_ggunes&naydin
Library based learning_ggunes&naydinMarmara University
 
Nature of work - The Search for Jack
Nature of work - The Search for JackNature of work - The Search for Jack
Nature of work - The Search for JackMichelleFlynn
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the CloudAegify Inc.
 
Charles Armstrong Future of Membership Presentation
Charles Armstrong Future of Membership PresentationCharles Armstrong Future of Membership Presentation
Charles Armstrong Future of Membership PresentationJess Farr
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013Aegify Inc.
 
SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCAegify Inc.
 
Introduction to Pinterest
Introduction to PinterestIntroduction to Pinterest
Introduction to PinterestSomdeep Sen
 
Issue based organizing
Issue based organizingIssue based organizing
Issue based organizingMacalester Civic Engagement Center
 
Tesy Britton Future of Membership Presentation
Tesy Britton Future of Membership PresentationTesy Britton Future of Membership Presentation
Tesy Britton Future of Membership PresentationJess Farr
 
Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB Jess Farr
 
Yashar zargari
Yashar zargariYashar zargari
Yashar zargarisimorgh
 
Ncvo october 7 mind presentation
Ncvo october 7 mind presentationNcvo october 7 mind presentation
Ncvo october 7 mind presentationJess Farr
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyAegify Inc.
 
Presentación 4to i sdmj
Presentación 4to i sdmjPresentación 4to i sdmj
Presentación 4to i sdmjMaría José
 
Oct 7 foresight presentation
Oct 7 foresight presentationOct 7 foresight presentation
Oct 7 foresight presentationJess Farr
 
Ncvo october 7 yrhf presentation
Ncvo october 7 yrhf presentationNcvo october 7 yrhf presentation
Ncvo october 7 yrhf presentationJess Farr
 
Issue based organizing
Issue based organizingIssue based organizing
Issue based organizingMacalester Civic Engagement Center
 
Juniper Wireless Competitive Deep Dive
Juniper Wireless Competitive Deep DiveJuniper Wireless Competitive Deep Dive
Juniper Wireless Competitive Deep DiveSamuel Liu
 
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...PROIDEA
 

More Related Content

Viewers also liked

SecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHSecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHAegify Inc.
 
Cisco umi: Driving Awareness through Social Media
Cisco umi: Driving Awareness through Social MediaCisco umi: Driving Awareness through Social Media
Cisco umi: Driving Awareness through Social MediaZoya Morrison
 
Library based learning_ggunes&naydin
Library based learning_ggunes&naydinLibrary based learning_ggunes&naydin
Library based learning_ggunes&naydinMarmara University
 
Nature of work - The Search for Jack
Nature of work - The Search for JackNature of work - The Search for Jack
Nature of work - The Search for JackMichelleFlynn
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the CloudAegify Inc.
 
Charles Armstrong Future of Membership Presentation
Charles Armstrong Future of Membership PresentationCharles Armstrong Future of Membership Presentation
Charles Armstrong Future of Membership PresentationJess Farr
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013Aegify Inc.
 
SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCAegify Inc.
 
Introduction to Pinterest
Introduction to PinterestIntroduction to Pinterest
Introduction to PinterestSomdeep Sen
 
Tesy Britton Future of Membership Presentation
Tesy Britton Future of Membership PresentationTesy Britton Future of Membership Presentation
Tesy Britton Future of Membership PresentationJess Farr
 
Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB Jess Farr
 
Yashar zargari
Yashar zargariYashar zargari
Yashar zargarisimorgh
 
Ncvo october 7 mind presentation
Ncvo october 7 mind presentationNcvo october 7 mind presentation
Ncvo october 7 mind presentationJess Farr
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyAegify Inc.
 
Presentación 4to i sdmj
Presentación 4to i sdmjPresentación 4to i sdmj
Presentación 4to i sdmjMaría José
 
Oct 7 foresight presentation
Oct 7 foresight presentationOct 7 foresight presentation
Oct 7 foresight presentationJess Farr
 
Ncvo october 7 yrhf presentation
Ncvo october 7 yrhf presentationNcvo october 7 yrhf presentation
Ncvo october 7 yrhf presentationJess Farr
 

Viewers also liked (20)

SecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHSecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECH
 
Cheatr
CheatrCheatr
Cheatr
 
Cisco umi: Driving Awareness through Social Media
Cisco umi: Driving Awareness through Social MediaCisco umi: Driving Awareness through Social Media
Cisco umi: Driving Awareness through Social Media
 
Library based learning_ggunes&naydin
Library based learning_ggunes&naydinLibrary based learning_ggunes&naydin
Library based learning_ggunes&naydin
 
Nature of work - The Search for Jack
Nature of work - The Search for JackNature of work - The Search for Jack
Nature of work - The Search for Jack
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the Cloud
 
Charles Armstrong Future of Membership Presentation
Charles Armstrong Future of Membership PresentationCharles Armstrong Future of Membership Presentation
Charles Armstrong Future of Membership Presentation
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
 
SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRC
 
Introduction to Pinterest
Introduction to PinterestIntroduction to Pinterest
Introduction to Pinterest
 
Issue based organizing
Issue based organizingIssue based organizing
Issue based organizing
 
Tesy Britton Future of Membership Presentation
Tesy Britton Future of Membership PresentationTesy Britton Future of Membership Presentation
Tesy Britton Future of Membership Presentation
 
Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB
 
Yashar zargari
Yashar zargariYashar zargari
Yashar zargari
 
Ncvo october 7 mind presentation
Ncvo october 7 mind presentationNcvo october 7 mind presentation
Ncvo october 7 mind presentation
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with Aegify
 
Presentación 4to i sdmj
Presentación 4to i sdmjPresentación 4to i sdmj
Presentación 4to i sdmj
 
Oct 7 foresight presentation
Oct 7 foresight presentationOct 7 foresight presentation
Oct 7 foresight presentation
 
Ncvo october 7 yrhf presentation
Ncvo october 7 yrhf presentationNcvo october 7 yrhf presentation
Ncvo october 7 yrhf presentation
 
Issue based organizing
Issue based organizingIssue based organizing
Issue based organizing
 

Similar to NetWitness Decoder: Network Traffic Analysis

Juniper Wireless Competitive Deep Dive
Juniper Wireless Competitive Deep DiveJuniper Wireless Competitive Deep Dive
Juniper Wireless Competitive Deep DiveSamuel Liu
 
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...PROIDEA
 
Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...
Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...
Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...Cary Hayward
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Dan Mihai Dumitriu
 
Extreme Networks Black diamond 8000-DS
Extreme Networks Black diamond 8000-DSExtreme Networks Black diamond 8000-DS
Extreme Networks Black diamond 8000-DSN-TEK Distribution
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Brad Eckert
 
CloudSmartz Disaster Recovery [Use Case] | Smarter Transformation
CloudSmartz Disaster Recovery [Use Case] | Smarter TransformationCloudSmartz Disaster Recovery [Use Case] | Smarter Transformation
CloudSmartz Disaster Recovery [Use Case] | Smarter TransformationCloudSmartz
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SAMeh Zaghloul
 
CloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter Transformation
CloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter TransformationCloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter Transformation
CloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter TransformationCloudSmartz
 
huawei-s5700-28x-li-dc-brochure-datasheet.pdf
huawei-s5700-28x-li-dc-brochure-datasheet.pdfhuawei-s5700-28x-li-dc-brochure-datasheet.pdf
huawei-s5700-28x-li-dc-brochure-datasheet.pdfHi-Network.com
 
Arista reinventing data center switching
Arista reinventing data center switchingArista reinventing data center switching
Arista reinventing data center switchingVLCM2015
 
Jeff Green April 2011 May V1
Jeff Green April 2011 May V1Jeff Green April 2011 May V1
Jeff Green April 2011 May V1JeffGreenMichigan
 
CloudStack Build A Cloud Day (SCaLE 2013)
CloudStack Build A Cloud Day (SCaLE 2013)CloudStack Build A Cloud Day (SCaLE 2013)
CloudStack Build A Cloud Day (SCaLE 2013)Clayton Weise
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014Sanjay Basu
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPEMichelle Holley
 

Similar to NetWitness Decoder: Network Traffic Analysis (20)

Juniper Wireless Competitive Deep Dive
Juniper Wireless Competitive Deep DiveJuniper Wireless Competitive Deep Dive
Juniper Wireless Competitive Deep Dive
 
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...
 
Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...
Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...
Power of Open SDN- The Vendor Neutral Approach to Optimizing Your Network 09...
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
 
Extreme Networks Black diamond 8000-DS
Extreme Networks Black diamond 8000-DSExtreme Networks Black diamond 8000-DS
Extreme Networks Black diamond 8000-DS
 
Allied Telesis x610 Series
Allied Telesis x610 SeriesAllied Telesis x610 Series
Allied Telesis x610 Series
 
Allied Telesis x930 Series
Allied Telesis x930 SeriesAllied Telesis x930 Series
Allied Telesis x930 Series
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure
 
NSX, un salt natural cap a SDN
NSX, un salt natural cap a SDNNSX, un salt natural cap a SDN
NSX, un salt natural cap a SDN
 
CloudSmartz Disaster Recovery [Use Case] | Smarter Transformation
CloudSmartz Disaster Recovery [Use Case] | Smarter TransformationCloudSmartz Disaster Recovery [Use Case] | Smarter Transformation
CloudSmartz Disaster Recovery [Use Case] | Smarter Transformation
 
vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28
vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28
vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
 
CloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter Transformation
CloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter TransformationCloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter Transformation
CloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter Transformation
 
huawei-s5700-28x-li-dc-brochure-datasheet.pdf
huawei-s5700-28x-li-dc-brochure-datasheet.pdfhuawei-s5700-28x-li-dc-brochure-datasheet.pdf
huawei-s5700-28x-li-dc-brochure-datasheet.pdf
 
Arista reinventing data center switching
Arista reinventing data center switchingArista reinventing data center switching
Arista reinventing data center switching
 
Jeff Green April 2011 May V1
Jeff Green April 2011 May V1Jeff Green April 2011 May V1
Jeff Green April 2011 May V1
 
CloudStack Build A Cloud Day (SCaLE 2013)
CloudStack Build A Cloud Day (SCaLE 2013)CloudStack Build A Cloud Day (SCaLE 2013)
CloudStack Build A Cloud Day (SCaLE 2013)
 
Allied Telesis IE510-28GSX
Allied Telesis IE510-28GSXAllied Telesis IE510-28GSX
Allied Telesis IE510-28GSX
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPE
 

More from Aegify Inc.

Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Aegify Inc.
 
The UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityThe UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityAegify Inc.
 
Webinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedWebinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedAegify Inc.
 
eGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityeGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityAegify Inc.
 
Implications of hipaa non compliance
Implications of hipaa non complianceImplications of hipaa non compliance
Implications of hipaa non complianceAegify Inc.
 
Address Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAddress Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAegify Inc.
 
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChanneleGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChannelAegify Inc.
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security SolutionsAegify Inc.
 
Webinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryWebinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryAegify Inc.
 
Importance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsImportance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsAegify Inc.
 
Key featuresofcloudbasedsaas
Key featuresofcloudbasedsaasKey featuresofcloudbasedsaas
Key featuresofcloudbasedsaasAegify Inc.
 

More from Aegify Inc. (11)

Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines
 
The UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityThe UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support Cybersecurity
 
Webinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedWebinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus Demystified
 
eGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityeGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks security
 
Implications of hipaa non compliance
Implications of hipaa non complianceImplications of hipaa non compliance
Implications of hipaa non compliance
 
Address Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAddress Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and Buts
 
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChanneleGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security Solutions
 
Webinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryWebinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industry
 
Importance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsImportance of Healthcare Compliance Solutions
Importance of Healthcare Compliance Solutions
 
Key featuresofcloudbasedsaas
Key featuresofcloudbasedsaasKey featuresofcloudbasedsaas
Key featuresofcloudbasedsaas
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

NetWitness Decoder: Network Traffic Analysis

  • 1. NetWitness Decoder How do you know what really happened on your network if you don’t have a Page | 1 record of it? Can you prove definitively what communications did or did not occur on your network? Do you want to have a higher level of assurance regarding actual specific activities on your network? NetWitness® Decoder is the cornerstone of the NetWitness NextGen™ infrastructure and the key component of an enterprise-wide network data recording solution. Decoder is a real- time, distributed, highly configurable network recording appliance that enables users to collect, filter, and analyze full network traffic in an infinite number of dimensions. Unlike every other network recording or monitoring products on the market, Decoder fully reassembles and globally normalizes traffic at every layer for full session analysis. The patented Decoder represents a breakthrough in network traffic monitoring that dynamically builds a complete taxonomy of data across all layers and applications, including full packets. Decoder creates a definitive foundation of Total Network Knowledge™ that can be mined in real-time by the NetWitness® Investigator Enterprise and Informer applications. NetWitness Decoder now also includes NetWitness® Live, which provides you with access to multi-source threat intelligence. For more advanced applications, users can leverage NextGen’s available API/SDK to build more organizational-specific applications which utilize Decoder and the NextGen infrastructure. Decoder represents the intersection of network metrics, rich application flow and content information that differentiates NetWitness® products from any other capabilities on the market. Now Available in a Portable Version! NetWitness has now introduced NetWitness® NextGen Eagle, a portable and compact version of the NetWitness® Decoder. NextGen Eagle broadens NetWitness’ capabilities from fixed network infrastructure devices to include a compact, mobile monitoring system to support law enforcement, incident responders, auditors, intelligence, and consulting staff for field-duty scenarios. Unlike other portable vendor offerings, NextGen Eagle also supports WiFi monitoring with an exceptional depth of analysis. Product Features:  Supports 10G infrastructures  Supports NetWitness® Live  Linux-based, highly configurable, full packet capture and reassembly device  Modular and fully upgradeable hardware platform across entire product line  Indefinitely scales your collection infrastructure upon a distributed, highly manageable, real-time framework TM SecureGRC
  • 2. FlexParse™ enabled for rapid, user definable parsing and modelling  Supports threat intelligence feeds that track BOTs, designer malware, darknets, proxies and fast flux networks, etc.  Protocol and application exploitation: HTTP, FTP, TFTP, TELNET, SMTP, POP3, NNTP, DNS, HTTPS, SSL, SOCKS, SSH, Vcard, PGP, SMIME, DHCP, NETBIOS, SMB/CIFS, SNMP, NFS, RIP, MSRPC, Lotus Notes®, TDS(MSSQL), TNS(Oracle®), IRC, Lotus Sametime®, MSN IM, RTP, Gnutella, Yahoo Messenger, AIM, Page | 2 SIP, H.323, Net2Phone®,Yahoo Chat, SCCP (Cisco® Skinny), BitTorrent, GTALK, Hotmail, Yahoo Mail, GMail, TOR, Social Networking, Fast Flux and many others.  Expandable SAS storage capacity & supports SAN solutions  Available API/SDK for custom application development  Supports NetWitness Identity for correlating users to network traffic  Supports RSA SecurID and LDAP authentication Deployment: Place NetWitness® Decoder(s) wherever you want to capture traffic: egress, core, facility, or segment. They can be operated continuously or tactically and ingest any network capture feed from any source. Decoders are designed to interoperate with Investigator Enterprise and Informer, as well as push data to central NetWitness® Concentrators for aggregated analytical views. NetWitness® Appliance Models: Form SKU Interface Storage Power Weight Factor NWA 100-8D One copper Ethernet 2TB Total Storage 1 RU Single 25 lbs 100/1000 for Not redundant x 14" (D) 260 (W) management x 1.75" (H) 120/240V One copper 100/1000 x 16.8" Ethernet capture (W) interface NWA 1200-16D Four 100/1000 12TB Total 2 RU Dual Redundant 66lbs Ethernet Storage x 27.75" 850 (W) copper capture Redundant with (D) 120/240V auto interfaces, hotswap x 3.44" (H) switch Or two 1000 Ethernet x 17.6" fiber interfaces, (W) Or two 10G XFP interfaces NWP 50-16D One copper Ethernet 3TB Total Storage Briefcase Single 16 lbs 100/1000 for Redundant x 5.75" (D) 520 (W) management x 11.5" (H) 120/240V One copper Ethernet x 16.8" 100/1000 for capture (W) One WiFi interface for capture TM SecureGRC
  • 3. *All appliances are UL, FCC, CE and VCCI approved & RoHS Compliant Concentrator and Broker  As an enterprise, can you track malicious and anomalous activity and trends across all network assets? Page | 3  Are there relationships between unexplained network activities across your organization? How can you build global reports regarding the effectiveness of your security controls? NetWitness® Concentrator and Broker are high performance Linux-based network appliances that extend the reach of NetWitness NextGen™ across your entire enterprise, and facilitate real-time and historical reporting and alerting. For the first time, comprehensive network and application layer detail can be aggregated and analyzed across multiple capture locations and made available to NextGen’s analytic applications, Informer and Investigator. NetWitness Concentrators aggregate clusters of NetWitness® Decoders in real-time, and NetWitness Broker provides a real-time, single, hierarchical enterprise view across your entire network. NetWitness® Live, fully integrated in the NetWitness infrastructure, provides users full content analysis of network threat intelligence from multiple, globally-distributed threat intelligence sources. NetWitness Concentrator is designed to aggregate data hierarchically for ultimate scalability and deployment flexibility across various organization-specific network topologies and infrastructures. As a result, Concentrators can be tiered in deployments to give visibility into multiple capture locations. NetWitness Broker also is designed to operate hierarchically; however, its function is to broker queries across an entire enterprise deployment. Broker provides a single point of access to NextGen data and is designed to operate and scale in any network environment, independent of network latency, throughput, or data volume. Concentrator and Broker are fully compatible with all NetWitness analytical products. For more advanced applications, users can leverage NextGen’s available API/SDK to build organizational-specific applications which utilize the NetWitness NextGen™ infrastructure. Product Features:  Supports 10G infrastructures  Supports NetWitness® Live  64-bit Linux-based, modular and fully upgradeable hardware platform across the entire product line  Easily aggregate multiple NetWitness® Decoder collection systems  Deploy a single enterprise analysis point with Broker  Manage and configure appliances from a single point TM SecureGRC
  • 4. Indefinitely scale your collection infrastructure upon distributed, highly manageable, real-time framework  Expandable SAS storage capacity & supports SAN solutions  Available API/SDK for custom application development  Supports RSA SecurID and LDAP authentication Page | 4 NetWitness® Appliance Models: Product SKU Interface Storage Rack Unit Power Weight Broker NWA 100-8b Two copper 2TB Total 1 U x 16.8" (W) 260 W, 25 lbs Ethernet Storage. x 14" (D) stand alone 100/1000 Redundant x 1.75" (H) 120/240V auto switch Concentrator NWA 400-16c Two copper 4TB Total 1 U x 17.2" (D) 560 W, 38lbs Ethernet Storage. x 25.6" (H) stand alone 100/1000 Not x 1.7" (W) 120/240V Redundant auto switch Concentrator NWA 1200-32c * Two copper 12TB Total 2 U x 17.6" (D) 850 W, 66lbs Ethernet Storage. x 27.75" (H) Dual 100/1000 Redundant x 3.44" (W) Redundant Or two fiber with hotswap. 120/240V Ethernet auto switch 1000 All appliances are UL, FCC, and CE approved & RoHS Compliant. *Also VCCI approved. Informer  Is your network communicating with Botnets?  Is sensitive data leaking from your network?  Does your organization have insiders whose activities are illegal or competitive?  Are you monitoring operational regulatory compliance? TM SecureGRC
  • 5. Page | 5 NetWitness® Informer is the enterprise reporting, live charting and alerting application of the NetWitness NextGen™ product suite. Informer leverages the power and Total Network Knowledge inherent in the NextGen data capture and session reconstruction infrastructure, and the analytics of NetWitness Investigator Enterprise to provide detailed reporting, charting and alerting on network performance, insider threats, data leakage, compliance monitoring, I/T asset misuse, hacker activities, and a host of other threats. NetWitness® Informer is a revolutionary new approach to network reporting and alerting. Informer goes beyond traditional network reporting and alerting products on the market because it does not simply rely upon log files, netflow, or other limited data sets to generate reports. Informer uses the comprehensive network traffic that is captured and reconstructed by the NextGen infrastructure to provide a real-time glimpse into incidents, threats, anomalies, misconfigurations, compliance violations, and other malicious or benign activities on your network. Informer is a fully interactive, intuitive web-based report engine with design features that enable users of any level to create the perfect report without sophisticated programming or outside help. In addition, every report result is backed up with hard evidence, with one click into NetWitness Investigator Enterprise. And by integrating NetWitness Investigator Enterprise with NetWitness® Live, you also have access to multi-source threat intelligence. Every network reporting product on the market today uses log files or complex network layer or flow information as its data source. Not only does NetWitness® Informer provide the type of insight provides by these products, but it also goes above and beyond to allow access to unprecedented details into network applications and application layer content. This efficiency allows users to replace dozens of reports from existing technologies, with a single Informer report. And it is this intersection of network metrics, rich application flow and content information that differentiates NetWitness® NextGen from any other capability on the market. Deployment: Connect NetWitness® Informer to any NetWitness® Decoder or NetWitness® Concentrator for reporting against that infrastructure TM SecureGRC
  • 6. Product Features:  Supports NetWitness® Live  Hundreds of predefined report rules, categories and templates  Flexible, WYSIWYG drag-and-drop report builder & scheduling engine  Fully customizable, XML-based rules and report library for infinite report and alert combinations Page | 6  Live-charting for real-time dashboard of activity  Full role-based access controls  HTML and PDF report formats included  Supports CEF, SNMP, SysLog, SMTP data push  Offered as Windows® server software –or- integrated appliance for total flexibility Report Examples:  Security - profile and alert on zero-day, Botnet, DYN, DNS and intrusion activity with complete content  Compliance - audit network-based components of policies and regulations such as FISMA, HIPPA, ISO 1779, SOXGLB, and PCI standards  IT Operations - report and chart across application and network layer metrics  Business Intelligence - profile sensitive data flow in real-time with total access to all events and content surrounding suspect activity  Insider Threat - monitor and profile computer, user, and resource activity across every application and device  Legal – support e-Discovery, criminal investigations, or liability audits through network entity profiling and analysis Screenshots: NetWitness Informer features a fully customizable graphical user interface. Alerts can be viewed in real-time and multiple alerts and charts can be tiled into a customized view. Download NetWitness Investigator Free! Read More» Minimum system requirements: NetWitness recommends the following minimum hardware requirements for NetWitness Informer software.  Windows® 2003 Server or Vista  Microsoft IIS 5.0+  2GB RAM  1 Ethernet Port  Internet Explorer v7 (also supports Firefox, Chrome and Safari browsers )  .NET 2.0 with AJAX.NET Extensions TM SecureGRC
  • 7. NetWitness® Informer Appliance: SKU Interface Storage Rack Unit Power Weight NWA 100-4i Two copper Ethernet 2TB Total Storage. 1 RU Single 25 lbs 100/1000 Redundant x 16.98" (W) 260 W, x 14" (D) 120/240V Page | 7 x 1.75" (H) *All appliances are UL, FCC, CE and VCCI approved & RoHS Compliant Investigator  How do you resolve alerts from your IDS or SIM that you do not understand?  Can you quickly understand the scope and impact of malicious activity on your network?  How can you investigate who is leaking information to your competitors or the press? NetWitness® Investigator is the award-winning interactive threat analysis application of the NetWitness NextGen product suite. Investigator provides security operations staff, auditors, and fraud and forensics investigators the power to perform unprecedented free-form contextual analysis of raw network data captured and reconstructed by the NetWitness NextGen infrastructure. Developed originally for the U.S. Intelligence Community, and now used extensively by Law Enforcement, Defense, and other public and private organizations, Investigator is based upon 10 years of development and deployment in some of the most demanding and complex threat environments. With its groundbreaking user interface and unprecedented analytics, Investigator lets you see your network traffic in a new way. Unlike packet analysis products which display network traffic in the context of confusing network nomenclature, Investigator uses a lexicon of nouns, verbs and adjectives – characteristics of the actual application and logic layer protocols parsed by NextGen during session reconstruction. TM SecureGRC
  • 8. Both novice and expert users can use Investigator to pivot terabytes of network traffic easily to dive deeply into the context and content of network sessions in real-time -- making threat analysis that once took days, take only minutes. It is this intersection of network metrics, rich application flow, and content information that differentiates NetWitness® products from any other capability on the market today. In addition to the rich data Investigator receives from the NextGen infrastructure of NetWitness Decoders and Concentrators, Investigator Enterprise can locally capture live traffic and process packet files from Page | 8 virtually any existing network collection device for quick and easy analysis. And by integrating NetWitness Investigator Enterprise with NetWitness® Live, you also have access to multi-source threat intelligence. Product Features:  Supports NetWitness® Live  SSL Decryption (with server certificate)  Interactive time charts, and summary view  Interactive packet view and decode  Hash Pcap on Export  Enhanced content views o Real-time, Patented Layer 7 Analytics o Effectively analyze data starting from application layer entities like users, email, address, files , and actions. o Infinite, free-form analysis paths o Content starting points o Patented port agnostic service identification  Extensive network and application layer filtering (e.g. MAC, IP, User, Keywords, Etc.)  IPv6 support  Captures live from any wired or wireless interface  Full content search, with Regex support  Exports data in .pcap format  Imports packets from any open-source, home-grown and commercial packet capture system(e.g. .pcap file import)  Bookmarking & History Tracking  Integrated GeoIP for resolving IP addresses to city/county, supporting Google Earth visualization  Customizable right-click functionality  Supports WLAN 802.11 Microsoft, Linux and Mac OS radio devices as well as various header formats including CACE’s per packet information  Supports RSA SecurID and LDAP authentication TM SecureGRC
  • 9. Choose your Edition: No matter what your IT problem, existing infrastructure, or technology preference—there's an edition of NetWitness® Investigator that's right for you. Use the descriptions below to help you choose your edition. Investigator With Investigator you are provided with a full featured, stand-alone product capable of local live capture and Page | 9 local packet file importing. Ideal for tactical and point analysis of network traffic. Supports 25 simultaneous 1GB captures - far exceeding data manipulation capabilities of packet tools like Wireshark Investigator Enterprise Licensed to customers with a NetWitness NextGen™ infrastructure, Investigator Enterprise is ideal for enterprise users that require remote analytical access to NetWitness NextGen™ Linux-based appliances. Deployment: NetWitness Investigator is licensed per computer host, and can be used to locally process packet files, collect live from a network tap or span port with insight into network traffic of your choice. In addition, Investigator is fully integrated with all NetWitness NextGen™ products. Screenshots: NetWitness Investigator’s industry leading interactive user interface provides the threat analyst the ability to drill into multiple dimensions of terabytes captured traffic across all network layers. View complete information about any network sessions by drilling into fully reconstructed content and visualize your network traffic geographically via Google Earth. Minimum system requirements: NetWitness recommends the following minimum hardware requirements for NetWitness Investigator:  Windows® 2003 Server or Vista 32-bit  Single 2Ghz Intel-based processor (Dual-core recommended)  1GB RAM (2GB Recommended)  1 Ethernet Port  Internet Explorer v7+ (IE v6 may limit some functionality)  Ample data storage to process and collect To buy NetWitness or to find out how to integrate NextGen with enterprise SecureGRC TM integrated IT-GRC and security framework click here TM SecureGRC