NetWitness® Technology-In-Depth

The NetWitness NextGen™ product suite is the result of over ten years of research and development and rests on a portfolio of patented systems and methods for network traffic monitoring and analysis. Unlike conventional security and network infrastructure technology, NetWitness NextGen™ was designed from the ground up to analyze, model and mine all network traffic in detail as it is captured, not simply to monitor it.

The NetWitness NextGen™ Architecture
The NetWitness NextGen™ Product Suite is architected for reuse and flexibility across any environment. At the core of the architecture are two server products, Decoder and Concentrator, which establish a record-once, reuse-many-times packet capture infrastructure. Both expose an open API through which any application can query them and retrieve network data. That API is the foundation of Investigator and Informer, the first of many applications planned for the NetWitness NextGen™ framework.

How is NetWitness NextGen™ Different?
NetWitness NextGen was designed to solve a diverse set of business and technical problems that conventional security and networking technologies leave unresolved. Global normalization and real-time synchronization of network metadata, backed by deep context and content knowledge of each network session, lets it address problems that network performance monitoring, content monitoring and filtering, signature-based systems and log aggregation do not. Simply put, NextGen fills a void with technology that is dynamic and robust enough to grow with your infrastructure.

Rich and Detailed MetaData
Central to what makes the product suite a true enabler and augmentation of your existing infrastructure is the NetWitness® MetaFlow Engine. This patented technology extracts session, application and content descriptors from network traffic and produces a common language that normalizes all network entity activity across every application. The NetWitness metadata, combined with native full packet storage, is the technical foundation of a network recording infrastructure that can provide insight and behavioral detail on every conceivable network event: internal, external, malicious or benign. For example, a NetFlow-type technology provides network-layer event information such as IP address and port. NextGen provides that information and also application-layer data such as email address, user ID, filename and password, and even the fully reconstructed content. Because the resulting store holds credentials and content in the clear, access to Decoders and Concentrators should be controlled as tightly as access to the systems they monitor.

Groundbreaking Data Processing and Data Modeling
A key component of the MetaFlow Engine is FlexParse™, which, unlike any other network technology on the market, exposes network parsing and modeling to the end user. FlexParse lets NetWitness operators configure dynamically, via XML, how NextGen identifies applications and what it extracts for analysis. Users can thus instantly customize and extend the processing and modeling behavior of NextGen Decoders, and ultimately their analysis. This processing flexibility is critical for networks with heavy application profiles, proprietary protocols, and threats that do not fit common intrusion detection signatures.
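As an added illustration of the XML-driven parsing described above, and of the network-layer versus application-layer metadata distinction from the previous section, here is a small Python engine in the spirit of FlexParse. It is not NetWitness code: the XML schema, the metadata key names and the sample sessions are all invented for this example, and the application is identified by content rather than by port so that HTTP on a non-standard port still normalizes to the same service.

```python
"""Toy FlexParse-style engine: application parsers defined in XML, applied to
reconstructed sessions to produce normalized metadata.

Added example, not NetWitness code. The XML schema and the metadata key
names below are invented for illustration and are not the real FlexParse
format or NetWitness's key names."""
import re
import xml.etree.ElementTree as ET

# Hypothetical parser definitions (constructed). Each <parser> names an
# application, the canonical service number it maps to, a regex that
# identifies the application by content, and regexes that pull metadata
# out of the client-to-server stream. '&lt;'/'&gt;' are XML escapes for < and >.
PARSER_XML = r"""
<parsers>
  <parser name="http" service="80">
    <match>^(?:GET|POST|HEAD) /</match>
    <meta key="filename">^(?:GET|POST|HEAD) (/[^ ?]*)</meta>
    <meta key="alias.host">^Host: (.+)$</meta>
    <meta key="client">^User-Agent: (.+)$</meta>
  </parser>
  <parser name="smtp" service="25">
    <match>^MAIL FROM:</match>
    <meta key="email.src">^MAIL FROM:\s*&lt;?([^&gt;\s]+)</meta>
    <meta key="email.dst">^RCPT TO:\s*&lt;?([^&gt;\s]+)</meta>
  </parser>
  <parser name="ftp" service="21">
    <match>^USER </match>
    <meta key="username">^USER (\S+)</meta>
    <meta key="password">^PASS (\S+)</meta>
    <meta key="filename">^RETR (\S+)</meta>
  </parser>
</parsers>
"""


class Parser:
    """One application parser compiled from its XML definition."""

    def __init__(self, el):
        self.name = el.get("name")
        self.service = int(el.get("service"))
        self.match = re.compile(el.findtext("match"), re.M)
        self.meta = [(m.get("key"), re.compile(m.text, re.M)) for m in el.findall("meta")]


def load_parsers(xml_text):
    return [Parser(el) for el in ET.fromstring(xml_text).findall("parser")]


PARSERS = load_parsers(PARSER_XML)


def extract(session, parsers=None):
    """Return normalized metadata for one reconstructed session.

    Network-layer keys come straight from the session; the application is
    identified by content, not by port, so HTTP on 8080 still yields
    service 80 (which is what makes non-standard port use reportable).
    Note that an FTP password is recorded in the clear, as on the wire."""
    parsers = PARSERS if parsers is None else parsers
    payload = session["payload"].replace("\r\n", "\n")
    meta = {k: session[k] for k in ("ip.src", "ip.dst", "tcp.srcport", "tcp.dstport")}
    meta["service"] = None
    for p in parsers:
        if p.match.search(payload):
            meta["service"] = p.service
            meta["service.name"] = p.name
            for key, rx in p.meta:
                values = rx.findall(payload)
                if values:
                    meta[key] = values
            break  # first matching parser wins in this toy engine
    return meta


# Constructed client-to-server streams (not captured traffic).
SESSIONS = [
    {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.20", "tcp.srcport": 51000, "tcp.dstport": 8080,
     "payload": "GET /downloads/payroll.xls HTTP/1.1\r\nHost: intranet.example.com\r\n"
                "User-Agent: Mozilla/5.0\r\n\r\n"},
    {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.30", "tcp.srcport": 51001, "tcp.dstport": 21,
     "payload": "USER alice\r\nPASS hunter2\r\nRETR report.pdf\r\n"},
    {"ip.src": "10.0.0.8", "ip.dst": "10.0.0.25", "tcp.srcport": 51002, "tcp.dstport": 25,
     "payload": "EHLO mail.example.com\r\nMAIL FROM:<bob@example.com>\r\n"
                "RCPT TO:<carol@example.org>\r\nDATA\r\n"},
    {"ip.src": "10.0.0.8", "ip.dst": "10.0.0.26", "tcp.srcport": 51003, "tcp.dstport": 9443,
     "payload": "\x16\x03\x01\x00\x05hello"},  # TLS-like bytes: no parser matches
]


def run(sessions=SESSIONS):
    return [extract(s) for s in sessions]


if __name__ == "__main__":
    for m in run():
        print(m)
```

The point of the XML layer is that adding a proprietary protocol is a configuration change (a new `<parser>` element) rather than a code change; the engine itself never needs to know the application.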

Unmatched Reporting
Built on the rich metadata NetWitness NextGen creates, its reporting provides insight into activity that most other network monitoring technologies simply cannot. For the first time, network-sourced information of this detail is interactive and universally available through reports and real-time charts. Every piece of metadata, in any combination, can be reported on, alerted on, plotted over time and presented in real time. This includes threat intelligence hits, specific HTTP downloads or content types, cleartext authentication, non-standard port utilization, user activity, application or encryption profiles, and P2P usage, all with direct access to the full content via a single click.

Evolves with your Infrastructure and the Threat Landscape
Finally, the entire NextGen solution was architected for total flexibility to adapt to changing technology, requirements and policies. This rests on four core features:
  • API – enables rapid development of any conceivable application for analysis of raw network traffic
  • FlexParse – instantly customize and extend the processing and modeling behavior of network capture
  • Threat Feeds – leverage external, real-time, IP address-based intelligence to add context to network traffic
  • Reliable and Scalable Capture Infrastructure – record everything on the network and reuse it many times
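The reporting and alerting described in the Unmatched Reporting section, together with the IP-based threat feed enrichment listed among the core features above, as an added Python example. This is not NetWitness code and does not use its API; the record layout, key names, rules and feed format are invented here, and the metadata records are constructed rather than captured.

```python
"""Rule evaluation and reporting over extracted session metadata, with
IP-based threat feed enrichment.

Added example, not NetWitness code. The record layout, key names, rules and
feed format are invented for illustration."""
from collections import Counter

# Constructed metadata records of the kind a capture infrastructure would
# expose; "id" is a session number and "service" is the application
# identified by content (80 = HTTP regardless of port).
RECORDS = [
    {"id": 1, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.20", "tcp.dstport": 8080,
     "service": 80, "service.name": "http", "alias.host": ["intranet.example.com"]},
    {"id": 2, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.30", "tcp.dstport": 21,
     "service": 21, "service.name": "ftp", "username": ["alice"], "password": ["hunter2"]},
    {"id": 3, "ip.src": "10.0.0.8", "ip.dst": "203.0.113.7", "tcp.dstport": 443,
     "service": 443, "service.name": "ssl"},
    {"id": 4, "ip.src": "10.0.0.9", "ip.dst": "198.51.100.20", "tcp.dstport": 80,
     "service": 80, "service.name": "http", "filename": ["/index.html"]},
]

# Constructed threat feed in a hypothetical "ip,category,source" CSV layout.
FEED_CSV = """203.0.113.7,c2,example-feed
198.51.100.99,scanner,example-feed
"""

# Ports on which each content-identified service is expected; tune per site
# (8080 may be perfectly normal for HTTP in your environment).
EXPECTED_PORTS = {80: {80}, 21: {21}, 25: {25}, 443: {443}}


def load_feed(csv_text):
    """Parse the feed into {ip: context} for O(1) lookup per endpoint."""
    feed = {}
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        ip, category, source = line.split(",")
        feed[ip] = {"threat.category": category, "threat.source": source}
    return feed


def enrich(records, feed):
    """Return copies of the records with feed context added where either
    endpoint appears in the feed; the originals are left untouched."""
    out = []
    for rec in records:
        rec = dict(rec)
        for key in ("ip.src", "ip.dst"):
            if rec[key] in feed:
                rec.update(feed[rec[key]])
        out.append(rec)
    return out


# Rules are plain predicates over any combination of metadata keys.
RULES = [
    # A password was extractable from the stream, so it crossed the wire in clear.
    ("cleartext_auth", lambda r: "password" in r),
    # Application identified by content on a port it is not expected on.
    ("nonstandard_port", lambda r: r.get("service") in EXPECTED_PORTS
                                   and r["tcp.dstport"] not in EXPECTED_PORTS[r["service"]]),
    # Either endpoint matched the threat feed.
    ("threat_feed", lambda r: "threat.category" in r),
]


def evaluate(records):
    """Return (rule name, session id) for every rule that fires, in record order."""
    return [(name, rec["id"]) for rec in records for name, pred in RULES if pred(rec)]


def report(records):
    """Sessions per identified application: the simplest 'report on any metadata'."""
    return Counter(rec.get("service.name", "unknown") for rec in records)


if __name__ == "__main__":
    enriched = enrich(RECORDS, load_feed(FEED_CSV))
    for alert in evaluate(enriched):
        print("ALERT", alert)
    print(report(enriched))
```

Because the rules operate on normalized keys rather than on raw packets, the same cleartext-authentication rule fires for FTP, POP3 or HTTP Basic alike once a parser emits a `password` key, and the feed lookup is a dictionary hit per session rather than a packet-level signature.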

NetWitness NextGen™ Technology Highlights
  • No Host-Agents Required
  • Solutions are offered as software and hardware
  • First and only available IPv6 session analysis product
  • FIPS 140 compliant communications infrastructure
  • Low-cost, scalable SAS storage - SAN supported
  • Supports live packet capture and packet file import
  • Provides full application layer analysis and content search
  • Available API/SDK
  • FlexParse™ enabled for total control of processing and analysis
  • Supports threat intelligence feeds from third parties
  • Provides protocol and application parsing and metadata extraction for: HTTP, FTP, TFTP, TELNET, SMTP, POP3, NNTP, DNS, HTTPS, SSL, SOCKS, SSH, Vcard, PGP, SMIME, REGEX, DHCP, NETBIOS, SMB/CIFS, SNMP, NFS, RIP, MSRPC, Lotus Notes®, TDS (MSSQL), TNS (Oracle®), IRC, Lotus Sametime®, MSN IM, RTP, Gnutella, Yahoo Messenger, AIM, SIP, H.323, Net2Phone®, Yahoo Chat, SCCP (Cisco® Skinny), BitTorrent, GTALK, Hotmail, Yahoo Mail, GMail, TOR, Social Networking, Fast Flux and others.