Sunday, April 6, 2008

Netronome and NetWitness Partner on SSL Inspection and Monitoring

Netronome Systems and NetWitness announced an interoperability agreement that allows organizations to identify threats hidden within Secure Sockets Layer (SSL)-encrypted communications. The goal is to remove the blind-spots in network security monitoring created by SSL and the lack of a full packet capture-based approach to network monitoring.

The companies said that although SSL-encrypted communications enable the use of Web-based technologies for many types of sensitive consumer and business transactions, new threats are emerging. Adversaries, including state-sponsored attackers and organized crime groups, are repurposing SSL technology to hide serious threats from traditional network monitoring approaches. These threats include hiding of command and control messages, data theft and exfiltration traffic, and other malware and exploit communications.

Netronome Systems develops high-performance intelligent networking solutions that provide content flow analysis, deep packet inspection and application acceleration for network and security appliances.

NetWitness provides network monitoring solutions for identification, investigation, and resolution of complex network threats.

The combined solution is comprised of:

  • NetWitness' NextGen - a full packet capture and session reconstruction solution for automated threat alerting and reporting and interactive analysis of network traffic up to the application layer and beyond. NextGen can be used to address a range of security problems, such as insider threat management, data leakage protection, malware activity detection, network performance management, and compliance verification.

  • The Netronome SSL Inspector - a high-performance transparent SSL proxy designed to provide networked security devices with access to the plaintext of SSL-encrypted communications. These capabilities ensure that malware threats, such as exploit code, spam, spyware and viruses, and unauthorized traffic including data theft or leakage and other forms of cyber crime or asset misuse are identified when transmitted inside of encrypted SSL flows.

The agreement coincides with the release of Netronome SSL Inspector 2.0. The new software release augments the product's existing support for in-line operation with a passive mode where the SSL Inspector can be deployed off a tap, span port or mirrored interface. This architectural flexibility provides additional deployment options that expand the network design choices available in deployments with NetWitness.http://www.netronome.com
  • In November 2007, Netronome Systems, a start-up based in Pittsburgh, Pennsylvania focused on high-performance packet analysis solutions, announced a technology licensing, sales and marketing agreement will Intel focused on its IXP28XX product line of network processors.
    Under the exclusive deal, Netronome is licensed to continue sales and support of the Intel IXP2805 and the Intel IXP2855 network processors in new designs. In addition, Netronome is developing a next-generation line of IXP-compatible, high-end network flow processors that combine the Intel IXP28XX technology with Netronome's flow management and deep packet inspection architecture. The new network flow processors, which feature 16 microengines or cores, are designed for a variety of communications applications ranging from network switching and routing (L2-L3) to content and flow analysis for specialized network and security appliances (L2-L7).

See also