NetWitness - Total Network Knowledge™


Products NextGen Overview Infrastructure Products Decoder Concentrator Broker Applications Informer Investigator SIEMLink API/SDK Tech-in-Depth InSight Live Freeware Solutions Overview By Challenge Incident Response Data Leakage Data Governance By Industry Financial Services Government Law Enforcement Protection of Customer Data Resources Overview Webcasts Press Releases In the News Events Company Management Team Board of Directors Careers Contact Us

Decoder

How do you know what really happened on your network if you don’t have a record of it?
Can you prove definitively what communications did or did not occur on your network?
Do you want to have a higher level of assurance regarding actual specific activities on your network?

NetWitness® Decoder is the cornerstone of the NetWitness NextGen™ infrastructure and the key component of an enterprise-wide network data recording solution. Decoder is a real-time, distributed, highly configurable network recording appliance that enables users to collect, filter, and analyze full network traffic in an infinite number of dimensions.

Unlike every other network recording or monitoring products on the market, Decoder fully reassembles and globally normalizes traffic at every layer for full session analysis. The patented Decoder represents a breakthrough in network traffic monitoring that dynamically builds a complete taxonomy of data across all layers and applications, including full packets. Decoder creates a definitive foundation of Total Network Knowledge™ that can be mined in real-time by the NetWitness® Investigator Enterprise and Informer applications. NetWitness Decoder now also includes NetWitness® Live, which provides you with access to multi-source threat intelligence. For more advanced applications, users can leverage NextGen’s available API/SDK to build more organizational-specific applications which utilize Decoder and the NextGen infrastructure. Decoder represents the intersection of network metrics, rich application flow and content information that differentiates NetWitness® products from any other capabilities on the market.

Now Available in a Portable Version!
NetWitness has now introduced NetWitness® NextGen Eagle, a portable and compact version of the NetWitness® Decoder. NextGen Eagle broadens NetWitness’ capabilities from fixed network infrastructure devices to include a compact, mobile monitoring system to support law enforcement, incident responders, auditors, intelligence, and consulting staff for field-duty scenarios. Unlike other portable vendor offerings, NextGen Eagle also supports WiFi monitoring with an exceptional depth of analysis.

Product Features:

NetWitness Administrator Dashboard

Supports 10G infrastructures
Supports NetWitness® Live
Linux-based, highly configurable, full packet capture and reassembly device
Modular and fully upgradeable hardware platform across entire product line
Indefinitely scales your collection infrastructure upon a distributed, highly manageable, real-time framework
FlexParse™ enabled for rapid, user definable parsing and modeling
Supports threat intelligence feeds that track BOTs, designer malware, darknets, proxies and fast flux networks, etc.
Protocol and application exploitation: HTTP, FTP, TFTP, TELNET, SMTP, POP3, NNTP, DNS, HTTPS, SSL, SOCKS, SSH, Vcard, PGP, SMIME, DHCP, NETBIOS, SMB/CIFS, SNMP, NFS, RIP, MSRPC, Lotus Notes®, TDS(MSSQL), TNS(Oracle®), IRC, Lotus Sametime®, MSN IM, RTP, Gnutella, Yahoo Messenger, AIM, SIP, H.323, Net2Phone®,Yahoo Chat, SCCP (Cisco® Skinny), Bittorrent, GTALK, Hotmail, Yahoo Mail, GMail, TOR, Social Networking, Fast Flux and many others.
Expandable SAS storage capacity & supports SAN solutions
Available API/SDK for custom application development
Supports NetWitness Identity for correlating users to network traffic
Supports RSA SecurID and LDAP authentication

Deployment:
Place NetWitness® Decoder(s) wherever you want to capture traffic: egress, core, facility, or segment. They can be operated continuously or tactically and ingest any network capture feed from any source. Decoders are designed to interoperate with Investigator Enterprise and Informer, as well as push data to central NetWitness® Concentrators for aggregated analytical views.

NetWitness® Appliance Models:

SKU	Interface	Storage	Form Factor	Power	Weight
NWA 100-8D	One copper Ethernet 100/1000 for management One copper 100/1000 Ethernet capture interface	2TB Total Storage Not redundant	1 RU x 14" (D) x 1.75" (H) x 16.8" (W)	Single 260 (W) 120/240V	25 lbs
NWA 1200-16D	Four 100/1000 Ethernet copper capture interfaces, Or two 1000 Ethernet fiber interfaces, Or two 10G XFP interfaces	12TB Total Storage Redundant with hotswap	2 RU x 27.75" (D) x 3.44" (H) x 17.6" (W)	Dual Redundant 850 (W) 120/240V autoswitch	66lbs
NWP 50-16D	One copper Ethernet 100/1000 for management One copper Ethernet 100/1000 for capture One WiFi interface for capture	3TB Total Storage Redundant	Briefcase x 5.75" (D) x 11.5" (H) x 16.8" (W)	Single 520 (W) 120/240V	16 lbs

*All appliances are UL, FCC, CE and VCCI approved & RoHS Compliant

Call 703-889-8950 or contact sales@netwitness.com for more information about NetWitness® Decoder and other NetWitness NextGen™ products.

Support

Community

Blog