
The IT forensics gurus at NetWitness Nov. 4 announced a refresh for the company’s
NextGen enterprise network forensics and advanced threat intelligence platform,
which they say will improve its marketability in the enterprise market and
could make it easier for channel partners to compete with a more complete
security offering.

"What we’ve done with Version 9.0," says Eddie Schwartz, chief
security officer for NetWitness, "is really look at, How do we tailor the
product to large enterprises to really support the kind of features, function
and extensibility that are required in very large organizations, and also
[make] it easier for smaller organizations to deploy pervasively?"

This includes the added integration into common network management and system
management frameworks. NextGen also now offers the means to analyze wireless
traffic.

"In the past we only captured traffic that was going across a wired
connection, but now we support 802.11 networks both in our portable appliances
and in our rack-mounted appliances," Schwartz says.

NetWitness also extended the open platform capabilities of NextGen by adding
support for C#, Java, Python, Ruby and .NET
within its software development kit (SDK).

"We like to pride ourselves on the fact that the software development on
the platform is wide open. In other words, once you buy the product, even
though it comes with a standard set of easy-to-use and automated and
interactive applications, you have the ability within your organization to
write scripts to extend the platform," Schwartz says. "You can write
your own little custom data mining application … Say, something based on the
business rules of your specific environment. You can generate a script really
quickly and create your own business logic to mine this database that we
capture in your organization."

Similarly, the new product gives end users the power to easily create custom
protocol parsers.

"Some organizations have their own applications or network protocols that
we as a commercial vendor wouldn’t support," Schwartz says. "We’ve
developed this application, which allows you to essentially take a quick
capture of the network traffic and then almost anyone with very basic IT skills
can mark up that network or application protocol using XML, load it back into
the capture device and then they’ll view that homegrown protocol as if it’s a
standard internet protocol like web or chat or something like that."

According to Schwartz, NetWitness currently generates
about 25 percent of its revenue through the channel, though the company
currently does not have an official channel program.

"It’s through either VARs, our channel partners or people who have signed
up to represent us in some way, either for government business, especially in
the international sector, where we do most of our business through partners, and
some cases in the commercial sector where we’ve won partnerships with key
companies that we know to be very strong in certain sectors."

He says the company is particularly looking for system integrator partners that
can utilize NetWitness to accomplish their client security goals and help break
the company into markets where it otherwise might not have an in.

"We really haven’t pushed that as much as we probably could and that’s an
area that’s emerging for us," Schwartz says. "We just hired, for
example, in the federal sector, a person who is responsible for growing our
relationships with system integrators and we have had a number of key wins
through that type of approach, so we’re looking to expand those types of
relationships."
