NetWitness - Total Network Knowledge™


Products NextGen Overview Infrastructure Products Decoder Concentrator Broker Applications Informer Investigator SIEMLink API/SDK Tech-in-Depth Live Freeware Solutions Overview By Challenge Incident Response Data Leakage Data Governance By Industry Financial Services Government Law Enforcement Protection of Customer Data Resources Overview Webcasts Press Releases In the News Events Partners Overview Company Management Team Board of Directors Careers Contact Us

Decoder

How do you know what really happened on your network if you don’t have a record of it?
Can you prove definitively what communications did or did not occur on your network?
Do you want to have a higher level of assurance regarding actual specific activities on your network?

NetWitness® Decoder is the cornerstone of the NetWitness NextGen™ infrastructure and the key component of an enterprise-wide network data recording solution. Decoder is a real-time, distributed, highly configurable network recording appliance that enables users to collect, filter, and analyze full network traffic in an infinite number of dimensions.

Unlike every other network recording or monitoring products on the market, Decoder fully reassembles and globally normalizes traffic at every layer for full session analysis. The patented Decoder represents a breakthrough in network traffic monitoring that dynamically builds a complete taxonomy of data across all layers and applications, including full packets. Decoder creates a definitive foundation of Total Network Knowledge™ that can be mined in real-time by the NetWitness® Investigator Enterprise and Informer applications. NetWitness Decoder now also includes NetWitness® Live, which provides you with access to multi-source threat intelligence. For more advanced applications, users can leverage NextGen’s available API/SDK to build more organizational-specific applications which utilize Decoder and the NextGen infrastructure. Decoder represents the intersection of network metrics, rich application flow and content information that differentiates NetWitness® products from any other capabilities on the market.

Now Available in a Portable Version!
NetWitness has now introduced NetWitness® NextGen Eagle, a portable and compact version of the NetWitness® Decoder. NextGen Eagle broadens NetWitness’ capabilities from fixed network infrastructure devices to include a compact, mobile monitoring system to support law enforcement, incident responders, auditors, intelligence, and consulting staff for field-duty scenarios. Unlike other portable vendor offerings, NextGen Eagle also supports WiFi monitoring with an exceptional depth of analysis.

Product Features:

NetWitness Administrator Dashboard

Supports 10G infrastructures
Supports NetWitness® Live
Linux-based, highly configurable, full packet capture and reassembly device
Modular and fully upgradeable hardware platform across entire product line
Indefinitely scales your collection infrastructure upon a distributed, highly manageable, real-time framework
FlexParse™ enabled for rapid, user definable parsing and modeling
Supports threat intelligence feeds that track BOTs, designer malware, darknets, proxies and fast flux networks, etc.
Protocol and application exploitation: HTTP, FTP, TFTP, TELNET, SMTP, POP3, NNTP, DNS, HTTPS, SSL, SOCKS, SSH, Vcard, PGP, SMIME, DHCP, NETBIOS, SMB/CIFS, SNMP, NFS, RIP, MSRPC, Lotus Notes®, TDS(MSSQL), TNS(Oracle®), IRC, Lotus Sametime®, MSN IM, RTP, Gnutella, Yahoo Messenger, AIM, SIP, H.323, Net2Phone®,Yahoo Chat, SCCP (Cisco® Skinny), Bittorrent, GTALK, Hotmail, Yahoo Mail, GMail, TOR, Social Networking, Fast Flux and many others.
Expandable SAS storage capacity & supports SAN solutions
Available API/SDK for custom application development
Supports NetWitness Identity for correlating users to network traffic
Supports RSA SecurID and LDAP authentication

Deployment:
Place NetWitness® Decoder(s) wherever you want to capture traffic: egress, core, facility, or segment. They can be operated continuously or tactically and ingest any network capture feed from any source. Decoders are designed to interoperate with Investigator Enterprise and Informer, as well as push data to central NetWitness® Concentrators for aggregated analytical views.

NetWitness® Appliance Models:

SKU	Processor	RAM	Interfaces	Total Storage	Power	Form Factor	Weight
NWA 100-8D	Dual-Core	8GB	(2) 100/1000 Copper	2TB Redundant	Single 260W	1U, Half-Depth	25 lbs
NWA 1200-16d	Quad-Core	16GB	(6) 100/1000 Copper	12TB Redundant	Redundant 800/850W	2U, Full-Depth	66 lbs
NWA2400-N-32d	Hex-Core	32GB	(6) 100/1000 Copper	24TB Redundant	Redundant 750/800W	2U, Full-Depth	65 lbs
NWP55-8d	Quad-Core	8GB	(2) 100/1000 Copper	4TB Redundant ENCRYPTED	Single 400W	Briefcase	20 lbs

*All appliances are UL, FCC, CE and VCCI approved & RoHS Compliant

Call 703-889-8950 or contact sales@netwitness.com for more information about NetWitness® Decoder and other NetWitness NextGen™ products.

Support

Community

Blog