Decoder
Decoder is a real-time, distributed, highly configurable network recording appliance that enables users to collect, filter, and analyze full network traffic in an infinite number of dimensions.
NetWitness® Decoder is the cornerstone of the NetWitness NextGen™ infrastructure and the key component of an enterprise-wide network security monitoring platform. Unlike every other network recording or monitoring products on the market, Decoder fully reassembles and globally normalizes all traffic at every layer for full session analysis. The patented Decoder represents a breakthrough in network traffic monitoring that dynamically builds a complete taxonomy of data across all layers and applications, including full packets.
Decoder creates a real-time, definitive collection of highly organized content and context of all your network traffic that is immediately accessible to all NetWitness applications, including NetWitness Spectrum, NetWitness Investigator Enterprise, and NetWitness Informer. NetWitness Decoder includes NetWitness® Live, which provides you with access to multi-source threat intelligence. For more advanced applications, users can leverage the NetWitness API/SDK to build organizational-specific applications. Decoder represents the intersection of network metrics, rich application flow and content information that differentiates NetWitness® products from any other capabilities on the market. Decoder is deployed on many of the fastest and largest networks in the world by leading enterprises.
Take NextGen on the Go!
NetWitness® Eagle is a portable and compact version of the NetWitness® Decoder. NetWitness Eagle broadens NetWitness’ capabilities from fixed network infrastructure devices to include a compact, mobile monitoring system to support law enforcement, incident responders, auditors, intelligence, and consulting staff for field-duty scenarios. Unlike other portable vendor offerings, Eagle also supports WiFi monitoring with an exceptional depth of analysis.
Deployment:
Place NetWitness® Decoder(s) wherever you want to capture traffic: egress, core, facility, or segment. They can be operated continuously or tactically and ingest any network capture feed from any source. Decoders are designed to interoperate with Investigator Enterprise and Informer, as well as push data to central NetWitness® Concentrators for aggregated analytical views.
- Supports 10G infrastructures
- Supports NetWitness® Live
- 64-bit Linux-based, highly configurable, full packet capture and reassembly device
- Indefinitely scales your collection infrastructure upon a distributed, highly manageable, real-time framework
- FlexParse™ enabled for rapid, user definable parsing and modeling
- Supports threat intelligence feeds that track BOTs, designer malware, darknets, proxies and fast flux networks, etc.
- Protocol and application exploitation: HTTP, FTP, TFTP, TELNET, SMTP, POP3, NNTP, DNS, HTTPS, SSL, SOCKS, SSH, Vcard, PGP, SMIME, DHCP, NETBIOS, SMB/CIFS, SNMP, NFS, RIP, MSRPC, Lotus Notes®, TDS(MSSQL), TNS(Oracle®), IRC, Lotus Sametime®, MSN IM, RTP, Gnutella, Yahoo Messenger, AIM, SIP, H.323, Net2Phone®,Yahoo Chat, SCCP (Cisco® Skinny), Bittorrent, GTALK, Hotmail, Yahoo Mail, GMail, TOR, Social Networking, Fast Flux and many others.
- Expandable SAS storage capacity & supports SAN solutions
- Available API/SDK for custom application development
- Supports NetWitness Identity for correlating users to network traffic
- Supports RSA SecurID and LDAP authentication
NetWitness® Appliance Models:
| Decoder | SKU | Processor | RAM | Interfaces | Total Storage | Power | Form Factor | Weight |
|---|---|---|---|---|---|---|---|---|
 |
NWA 100-8d | Dual-Core | 8GB | (2) 100/1000 Copper | 2TB | Single260W | 1U, Half-Depth | 25 lbs |
 |
NWA 1200-N-16d | Quad-Core | 16GB | (6) 100/1000 Copper | 12TB Redundant | Redundant 800/850W | 2U, Full-Depth | 66 lbs |
|
NWA2400-N-32d | Hex-Core | 32GB | (6) 100/1000 Copper | 24TB Redundant | Redundant 750/800W | 2U, Full-Depth | 66 lbs |
 |
NWP55-8d | Quad-Core | 8GB | (2) 100/1000 Copper | 4TB Redundant ENCRYPTED | Single 400W | Briefcase | 20lbs |
* Appliances are UL, FCC, CE and VCCI approved & RoHS Compliant