NetWitness Visualize: Bringing Network Data Extraction and Assembly to the Next Step

Being in charge of network security can be a daunting task, especially when threats mutate on a daily basis. There are loads of tools out there that help with these tasks, and one more tool has been added to the security toolkit: NetWitness Visualize.

Using the enterprise full packet capture of NetWitness, it is now possible to extract key pieces of content that flow across the network and assemble them in a way that allows analysts to quickly navigate to important content types. Want to see all of the PDF files on the network? How about all of the VoIP calls made from your developers group? You can tell by the photos of shoes and dresses that Suzy in the HR department has a clothes shopping habit, while Steve in Sales took photos of a whiteboard displaying a beta product mockup with his cellphone and sent them to a competitor.

NetWitness has married full packet capture, content extraction, and Microsoft’s Silverlight to create a Minority Report-style interface to quickly zero in on and navigate through activity detected across a network. You can see it in action yourself and interact with it in this awesome online demo of the application.

Also, here’s a YouTube video showing how the touchscreen navigation works (starts at 3:50).

There are two ways you can look at applications such as NetWitness Visualize: it gives the good guys an awesome tool to quickly find bad guys on a network, or it could give your employer, or the government for that matter, a frightening amount of power over what you are doing, in and out of the office.

For those of you going to the Black Hat hacker conference in Las Vegas next week, NetWitness has promised to have live hands-on demos available.