NetMon

Name: NetMon
Brand: Exabeam
Availability: InStock

Monitor your organization’s network and gain real-time network traffic visibility into your LogRhythm or New-Scale Security Operations Platform deployment.

Request a Demo Read the Data Sheet

4700+

applications with True Application Identification

10Gb/s

network inspection speeds

2.5Gb/s

network capture speed

NETWORK VISIBILITY

Immediately recognize suspicious activity

Automatically identify and categorize traffic from almost 5,000 applications using True Application Identification advanced classification methods and deep packet inspection.

Packet metadata derived from each network session
Layer 3–7 packet capture stored in industry-standard PCAP format with full packet capture
Custom integrations and automation with a full-featured REST API

Immediately recognize suspicious activity

RISK MONITORING

Automate threat detection

Compare data with ready-made rules and customizable Deep Packet Analytics (DPA) scripts. Receive ongoing updates with saved searches, automated alerts, and customizable dashboards. Then, preserve essential information with SmartCapture™ (LogRhythm SIEM).

POWERFUL SEARCH CAPABILITIES

Streamline investigation

Access essential packet and flow data to make your investigation easier with flexible searching. Rebuild email attachments to assist in malware analysis and monitor for data loss.

UNDERSTAND YOUR NETWORK ACTIVITY

Harness deep packet analytics

Deep Packet Analytics (DPA) builds on the NetMon Deep Packet Inspection (DPI) engine to interpret network traffic, including immediate recognition of PII, credit card information, port and protocol mismatch, and other key indicators of compromise (IOCs).

How can we help? Talk to an expert.

Frequently Asked Questions

How is NetMon deployed?

NetMon is available as an appliance or a virtual machine in your network infrastructure. It can be purchased as an add-on across the Exabeam portfolio: on either New-Scale or LogRhythm SIEM deployments.

Is NetMon fully integrated with Exabeam?

Yes. NetMon acts as a log source for both LogRhythm SIEM and New-Scale deployments, analyzing traffic and extracting key data points such as application, source and destination IP, traffic volume, and much more. LogRhythm SIEM can also access PCAPs from NetMon making it easier and faster to respond to incidents. All New-Scale Platform users will be able to integrate NetMon data into their New-Scale user interface. A separate NetMon interface is also available for additional visualizations and traffic insights.

What is Deep Packet Analytics (DPA)?

Deep Packet Analytics (DPA) builds upon DPI to provide a richer source of visibility into network traffic, including immediate recognition of PII, credit card information, port and protocol mismatch, and other key data revealing inappropriate data movement. DPA allows for continuous correlation against full packet payloads and metadata using prebuilt and custom rule sets and provides unprecedented control over alarming and response at the flow and packet level. Through DPA rules, you can automate threat detection that was previously only possible via manual packet analysis.

What is Deep Packet Inspection (DPI)?

NetMon Deep Packet Inspection (DPI) engine gives you a deep understanding of your network activity in an easy-to-access format. It identifies and categorizes thousands of applications at wire speed and populates thousands of metadata fields. NetMon also analyzes and extracts Layer 3-7 network data using a variety of methods, including pattern matching, heuristic modeling, and signatures for session identification.

What is SmartCapture?

SmartCapture allows you to automatically capture sessions based on application or packet content to drastically reduce your storage requirements while preserving the information you need.