NetDetector/NetVCR 2005 Traffic Analyzer

by Jerry Shenk
Sept. 1, 2017 | SANS Institute | logging technology and techniques

The NIKSUN NetDetector/NetVCR 2005 is like the “black box” on an aircraft. It collects all types of data, including packets, which can be analyzed later, when an organization suspects that some type of attack may have occurred. NIKSUN’s approach of storing all event and traffic data and making it accessible — all the way down to the packet level — differs from that of most network analysis appliances, which try to simplify the user interface and storage but remove too much detail in the process. This leaves an experienced operator who needs packet-level detail at a disadvantage: rather than following his own hunch by drilling deeper into the data, he is forced to trust a device’s analysis instead of his own. While convenient for less experienced staff, this lack of detail presents a security risk in cases in which closer examination of traffic and events is