IT Security: Network Traffic Analysis
Continuous Vulnerability Forensics and Network Performance Analysis
Iris Network Traffic Analyzer empowers your security and operations teams by providing granular data monitoring and precise packet and session reconstruction capabilities. The solution is designed to combine process and technology into a single effective system for network forensics.
Today's organizations rely on the continuity and security of underlying IT systems at all times. This requirement is further amplified by the fact that most security or performance issues, whether due to malicious acts, user non-compliance or simple bandwidth misallocation, generally reside above your network in the applications being serviced by your infrastructure.
Most packet capture solutions and network sniffers only display raw packets and leave it to the user to decode them and determine the potential problems they represent. Iris collects network traffic and reassembles it into its native session-based format, enabling users to quickly and easily make business decisions based on the service it was providing. Iris users can present the actual text of an email, as well as any attachments, exactly as it was sent. It provides reconstruction of full HTML pages that an end user visited and reconstruction of cookies for entry into password-protected websites. Iris will even display bi-directional instant messaging communications, allowing full session reconstruction as the end user sees it.
The Iris Traffic Capture Engine is designed as a service-oriented architecture, permitting security professionals to gather forensic information while performing other tasks in parallel. Iris is designed to capture specific data via filters based on a myriad of traffic metrics. This approach ensures that all targeted traffic is captured, regardless of whether the solution is run interactively or as a service. For capacity and service level agreement planning, Iris allows users to leverage traffic captured in one area of a network for use elsewhere, as well as for the monitoring of applications in development. Additionally, Iris allows for advanced functions such as keyword searching and protocol distribution.
Iris provides a large variety of statistical measurements, supplying information on protocol distribution, top hosts, packet-size distribution and bandwidth usage. By regularly analyzing how systems and applications are being used, administrators can proactively identify and eliminate issues before they can result in downtime. Iris can also provide the proof required to drive the creation and enforcement of policies related to appropriate system and application usage.