NetIntercept is a network monitoring and analysis system. It is delivered as a complete system, with hardware and software pre-installed, ready to be placed in a machine room or NOC and plugged into the network at the firewall border.
To use NetIntercept, an IT manager simply connects the system; no configuration is required to monitor and analyze traffic from the system’s console. Unlike Intrusion Detection Systems (IDSs), it doesn’t actively inspect traffic and report events in real time. Instead, it records all traffic to the hard drive, writing over the oldest information when the storage limit is reached. Thus, traffic from the last several hours, days, or weeks (depending on the size of your NetIntercept configuration and average bandwidth) is available for study. Traffic is selected via the user interface and then analyzed in batch mode.
A typical user would begin a batch analysis:
* After noticing a traffic peak
* Because an event was logged by a network management system
* After receiving an alarm from an IDS, or
* As a core part of any overall security monitoring strategy
After analysis, all network traffic in the selected interval becomes available to system administrators through an easy-to-use graphical user interface (GUI) and printed reports. NetIntercept can be used either sparingly (an occasional half-hour to review recent alerts), or continuously (as part of a full-scale effort to optimize network infrastructure, monitor network usage, or study an attempted break-in).
NetIntercept lets users:
* Study an external break-in attempt
* Monitor correspondence and watch for confidential data being sent outwards
* Display the contents of a remote login or a web session
* Become aware of unusual or potentially troublesome traffic on the network
* Use the GUI to interactively view traffic categorized or sorted by dozens of attributes, such as time of day, username, client and server machine identities, or session size
* Select connections of interest by criteria, such as keywords found in text objects, email header fields, Ethernet addresses, TCP or UDP port numbers, file names, and Web Uniform Resource Identifiers (URIs)