netForensics nFX Cinxi One
Strengths: Granular network event-based forensic capabilities.
Weaknesses: Requires getting used to as you become familiar with the dashboard.
Verdict: Top-drawer network forensics tool.
The nFX CINXI One appliance from netForensics combines log management with a powerful log correlation engine to provide a very deep look into network security events. This product features the ability to use its Automated Correlation Technology to identify stealth patterns of attack, filter out false positives and prioritize critical events, thus giving a true look at an attack and how it happened. This, combined with the other log correlation and analysis features of the appliance, make it a high performance investigating tool.
The initial installation and setup of the appliance was quite simple and straightforward. Once the appliance is connected to the network, the management console can be launched from any machine connected to the network by accessing the appliance web page. We found this console to be a little overwhelming at first, but we quickly became comfortable navigating around. Configuring the device was also quite easy and we found it intuitive to add assets and networks to be monitored.
We also found the dashboard to contain a wealth of information. Once everything is properly configured, this dashboard gives a quick glance at topology, incidents and threat summaries among other things. This dashboard is also completely customizable for greater flexibility.
Documentation included install, quick-start and implementation guides. The install guide detailed how to get the appliance up on the network and configured for the first time. The quick-start guide provided a few quick steps to get logged into the appliance and become familiar with the interface. Finally, the implementation guide provided an in-depth look at how to configure the product features and configure the product for the environment. We found all the documentation to be well-organized and to include many screen shots and examples.
NetForensics offers a wide range of support options at various support levels as part of annual support agreements. Support options include 24/7/365 phone and email technical support and remote support service, as well as access to product updates. There is also a support portal available to customers that includes a knowledge base and FAQs section.
At a price starting at around $7,500 and going upwards of $27,500 (as tested), this product is priced to meet the needs of almost any type of environment. We find it to be an excellent value for the money.