NetWitness® Informer is the enterprise reporting, live charting and alerting application of the NetWitness NextGen™ product suite. Informer leverages the power and Total Network Knowledge inherent in the NextGen data capture and session reconstruction infrastructure, and the analytics of NetWitness Investigator to provide detailed reporting, charting and alerting on network performance, insider threats, data leakage, compliance monitoring, I/T asset misuse, hacker activities, and a host of other problems.

NetWitness® Informer is a revolutionary new approach to network reporting and alerting. Informer goes beyond traditional network reporting and alerting products on the market because it does not simply rely upon log files, netflow or other limited data sets to generate reports. Informer uses the comprehensive network traffic that is captured and reconstructed by the NextGen infrastructure to provide a real-time glimpse into incidents, threats, anomalies, misconfigurations, compliance violations, and other malicious or benign activities on your network. Informer is a fully interactive, intuitive web-based report engine with design features that enable users of any level to create the perfect report without sophisticated programming or outside help. In addition, every report result is backed up with hard evidence, with one click into NetWitness Investigator.

Every network reporting product on the market today uses log files or complex network layer or flow information as its data source. Not only does NetWitness® Informer provide the type of insight provides by these products, but it also goes above and beyond to allow access to unprecedented details into network applications and content. This efficiency allows users to replace dozens of reports from existing technologies, with a single Informer report. And it is this intersection of network metrics, rich application flow and content information that differentiates NetWitness® products from any other capability on the market.

Deployment:
Connect NetWitness® Informer to any NetWitness® Decoder or NetWitness® Concentrator for reporting against that device.

Product Features:

• Hundreds of report rules, categories and templates out of the box
• Flexible, WYSIWYG drag-and-drop report builder & scheduling engine
• Fully customizable, XML-based rules and report library for infinite report and alert combinations
• Live-charting for real-time dashboard of activity
• Full role-based access controls
• HTML and PDF report formats included
• Supports CEF, SNMP, syslog, SMTP data push
• Offered as Windows® software –or- integrated appliance for total flexibility

Report Examples:

• Security - profile and alert on zero-day, BOTnet, and intrusion activity with complete content
• IT Operations - report and chart across application and network layer metrics
• Business Intelligence - profile sensitive data flow in real-time with total access to all events and content surrounding suspect activity
• Insider Threat - monitor and profile computer, user, and resource activity across every application and device
• Compliance - audit network-based components of policies and regulations such as FISMA, HIPPA, ISO 1779, SOX\GLB, and PCI standards
• Legal – support e-Discovery, criminal investigations, or liability audits through network entity profiling and analysis

Screenshots:

NetWitness Informer features a fully customizable graphical user interface. Alerts can be viewed in realtime and multiple alerts and charts can be tiled into a customized view.

Minimum system requirements:
NetWitness recommends the following minimum hardware requirements for NetWitness Informer software.

• Windows® XP or 2003 Server
• Microsoft IIS 5.0+
• 2GB RAM
• 1 Ethernet Port
• Internet Explorer v7
• .NET 2.0 with AJAX.NET Extensions

NetWitness® Informer Appliance:

Call 703-889-8950 or contact sales@netwitness.com for more information about NetWitness® Informer and other NetWitness NextGen™ products.