NetWitness Updates NextGen IT Forensics Platform for EnterpriseBy Ericka Chickowski | Posted 2009-11-04 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
IT forensics vendor NetWitness updates its NextGen platform, which provides enterprise network forensics and advanced threat intelligence. The new version is designed for large enterprises and could make it easier for solution provider channel partners to offer a more complete security solution.
The IT forensics gurus at NetWitness Nov. 4 announced a refresh for the company's
NextGen enterprise network forensics and advanced threat intelligence platform,
which they say will improve its marketability in the enterprise market and
could make it easier for channel partners to compete with a more complete
"What we've done with Version 9.0," says Eddie Schwartz, chief security officer for NetWitness, "is really look at, How do we tailor the product to large enterprises to really support the kind of features, function and extensibility that are required in very large organizations, and also [make] it easier for smaller organizations to deploy pervasively?"
This includes the added integration into common network management and system
management frameworks. NextGen also now offers the means to analyze wireless
"In the past we only captured traffic that was going across a wired connection, but now we support 802.11 networks both in our portable appliances and in our rack-mounted appliances," Schwartz says.
NetWitness also extended the open platform capabilities of NextGen by adding support for C#, Java, Python, Ruby and .NET within its software development kit (SDK).
"We like to pride ourselves on the fact that the software development on the platform is wide open. In other words, once you buy the product, even though it comes with a standard set of easy-to-use and automated and interactive applications, you have the ability within your organization to write scripts to extend the platform," Schwartz says. "You can write your own little custom data mining application ... Say, something based on the business rules of your specific environment. You can generate a script really quickly and create your own business logic to mine this database that we capture in your organization."
Similarly, the new product gives end users the power to easily create custom protocol parsers.
"Some organizations have their own applications or network protocols that we as a commercial vendor wouldn't support," Schwartz says. "We've developed this application, which allows you to essentially take a quick capture of the network traffic and then almost anyone with very basic IT skills can mark up that network or application protocol using XML, load it back into the capture device and then they'll view that home grown protocol as if its a standard internet protocol like web or chat or something like that."
"It's through either VARs, our channel partners or people who have signed up to represent us in some way, either for government business—especially in the international sector, where we do most of our business through partners—and some cases in the commercial sector where we've won partnerships with key companies that we know to be very strong in certain sectors."
He says the company is particularly looking for system integrator partners that can utilize NetWitness to accomplish their client security goals and help break the company into markets where it otherwise might not have an in.
"We really haven't pushed that as much as we probably could and that's an area that's emerging for us," Schwartz says. "We just hired, for example, in the federal sector, a person who is responsible for growing our relationships with system integrators and we have had a number of key wins through that type of approach, so we're looking to expand those types of relationships."