The software, which was introduced as a stand-alone product for the first time last fall, offers three functions: monitoring the network to look for problems, performing forensics to determine whether a problem has occurred previously and anticipating threats by using baseline information to look out for problems in the future. Network flow data is generated by infrastructure devices such as switches and routers.
Chris St. Myers, a senior security engineer for Rackspace Hosting, a San Antonio, Texas, hosting and cloud computing company, has been beta testing the new version and says he was primarily interested in the product's speed improvements. To be able to search through 96Gbytes an hour and eight months of traffic "is really neat," he says.
While his company's network group has other tools to look for intruders, he can use the software to find more subtle attacks that might not show up as a big enough event on the other group's software. "If we're seeing something weird, traffic coming from a Website it normally doesn't, we can pick that out."
Support for tracking AS is something that many of ProQueSys' ISP users have been requesting, says Vincent Berk, CEO of the Lebanon, N.H., company. The software now gives ISPs the ability to track the exact volumes of traffic through AS, as well as track where abuse might be coming from. This is important in today's Internet because it gives the ISPs the ability to shut off abusers or throttle them, he says. The increased ability to filter means that network administrators can now look at data after the fact, such as checking to see whether employees leaving an organization have transferred files to their home computers or their new employers, he says.