Network Instruments' GigaStor aims to take the guesswork out of forensics. The appliance captures live traffic that can be replayed for analysis and auditing and to investigate security issues, conduct compliance audits and troubleshoot network links.
Agilent, Network Associates and several others have similar troubleshooting tools, but the GigaStor can store data at rates up to 14.4 Gbps without missing a packet. And few monitors simultaneously address security, compliance, e-discovery and notification, as GigaStor does.
GigaStor captures all network activity on the link to which it is attached. Its best feature is the ability to reconstruct actual elements of sessions as they occurred at the time of capture. While additional work remains to be done on some critical elements needed for forensics, Network Instruments is ahead of the pack on this product.
The ability to analyze network events is critical for today's enterprises. Besides regulations like HIPAA and Sarbanes-Oxley, more than 30 states require organizations to notify customers if personal information is exposed; fail to do so and you face fines and legal action. Having actual network traffic can help IT answer burning questions—was information taken, and what was the extent of the breach?
Network Instruments' GigaStor answers those questions and more. It captures, stores and can replay network traffic, including application sessions, file transmissions and Web site use, and provides excellent tools for understanding exactly what happened and who was responsible. Depending on the link it monitors, it can store days, months or even years of actual network activity. The largest available unit will store 48 TB of data; we tested a 12 TB version.
While targeted at network administrators as a troubleshooting and analysis tool, the GigaStor will also please internal and external auditors, corporate attorneys, and executives. When an application flakes out, information gets stolen or an employee violates policy, the first and often hardest question to answer is, "What happened, exactly?" This device can provide crucial evidence these constituencies need when investigating policy violations, compliance issues or cyber crimes.
For instance, suppose you're investigating an incident in which an employee sent a sensitive file named new_product.exe to an outside agency. Most competitive products record key statistics such as the file name, source IP address, transfer protocol and time of the transfer. However, when you reconstruct the event and confront the employee, he might argue that the file was a harmless executable that has the same name as a sensitive file. GigaStor records the actual file that was sent and allows you to see it.
On the downside, the product is expensive. Buyers will have to carefully choose which network links will most benefit from real-time traffic capture. It also requires substantial time to learn to use effectively. Finally, for a product with such clear applicability to auditors and lawyers, it lacks detailed documentation on how to home in on a bad event and present it in a form that these audiences will easily understand. Network Instruments says it is aware of and addressing this issue, but it's an unfortunate omission.