Strengths: Easy to use with deep drill down and application reconstruction ability.
Weaknesses: None that we found.
Verdict: A solid product that not only provides good log analysis but also has the forensics chops to get the investigative job done. Our Best Buy.
Summary: The Niksun NetDetector goes way beyond simple network-based forensics. This appliance not only handles forensics and incident analysis, it also has an onboard intrusion detection system and can do complete network security surveillance. Beyond analysis deep within the packet, this product can also reconstruct applications, such as web browsers and even chat and web-based email.
We found this product quite easy to use. The setup takes just a few minutes and most of it is unpacking the appliance. Initial configuration can be done by either connecting a monitor and keyboard directly to the appliance or through a HyperTerminal connection. After entering a few commands to set time and date, we were taken through a brief setup wizard to set IP addresses and IP settings, such as DNS and gateway. Once that was completed, we just plugged it into our network tap and accessed the web GUI. The Java-based web GUI is easy and intuitive to navigate and we were looking at data in no time.
This product is a solid performer. It sits off a hub, the SPAN port of a switch, or a network tap, so it sees all network traffic and is able to record anything that goes in or out of the enterprise. When doing analysis, we found drilling down into the many graphs to be an easy task, and finding the exact data was quick and efficient.
This product comes with two main guides. First is a printed customer installation guide. This guide provides the initial setup and installation procedure to get the box up and running, and it also clearly diagrams different tap and network connections. From there the user guide takes over and illustrates, in a great amount of detail, the different functions and features of the appliance. Both guides include many screenshots and diagrams.
Customers get one year of support included with the purchase of the Niksun appliance. Support offered includes phone and email support, as well as access to a support portal via the web. This support portal includes access to the latest technical advisories, FAQs, worm/virus notes, learning tools and product documentation.
At a price starting at $10,000, this product is an excellent value for the money. The combination of analysis capability and application reconstruction, along with simple intuitiveness, makes it a solid asset to almost any organization.