Thalasar Ventures

Start Up Profile: Packet Analytics, NetFlow Security Company

With so many web 2.0 startups running around with too many consonants in their names, it’s hard for a traditional software startup to get some of the buzz that yet another YouTube clone might. Today I am profiling Packet Analytics, which provides a NetFlow search engine.

Packet Analytics is a startup based in Santa Fe, New Mexico. The company has an exclusive technology license from Los Alamos National Labs for their proprietary NetFlow search engine. Given the high security demands of the nuclear weapons lab, this product has seen far more testing and usage than a typical software startup's. Most software startups don’t have their software running for 5 years at a customer’s facility, much less a high-profile one like Los Alamos. This means an enterprise looking for a NetFlow analysis tool can know that the software performs to standards that far exceed their own. (If you don’t know what NetFlow is, please read my link to the Wikipedia article.)
I had the opportunity to sit down with Andy Alsop (CEO & Chairman) and Ben Uphoff, Ph.D. (VP of Research) and talk with them about their startup, whose product is one of the first applications to use NetFlow for security. In addition to running a software startup, they also contribute to Breach Bytes, a network security blog.

Why is using NetFlow data for security so important?

Andy Alsop: “Security breaches can happen to any company. It’s not a matter of if, but when they will occur,” said Alsop. “Net/FSE was built by security analysts for security analysts so that enterprises have access to advanced search capabilities over terabytes of NetFlow router data. Our product will save analysts a significant amount of time in their routine alert investigations, making them more efficient and dramatically decreasing response time.”
Indeed, this highlights the iterative approach to security that is seeing uptake in many enterprises. Instead of hoping for a silver-bullet solution to security, enterprises are beginning to recognize that breaches are inevitable and that a rapid response to a breach is necessary. NetFlow data is a great tool for rapidly investigating an incident, but given the amount of NetFlow data an enterprise generates, searching a terabyte of it in real time simply wasn’t possible before. The Net/FSE product is the first commercial search engine for enterprise network data, allowing searches in real time.
Apparently Packet Analytics’ customers agree. One such customer is Los Alamos National Bank, one of the largest banks in New Mexico.

“We purchased and deployed Net/FSE at Los Alamos National Bank to give us visibility into our NetFlow router data in addition to our other network data,” said David McCullough, Chief Technical Officer for Los Alamos National Bank. “Before Net/FSE when we needed to perform a network security investigation it was taking us as much as a day to answer one investigative question. Now, we’re able to answer that same question in a matter of minutes.”

The Department of Energy Los Alamos Lab logs over one billion network events a week, with about 15 terabytes of this data online. “They were bombarded with alerts from IDSes, IPSes, firewalls, or users, so the security analysts needed [something to help them] determine what we like to call ‘context’ around an event,” stated Alsop.
Providing context around an alert is what the Net/FSE search engine does. This reduces response times from a day to minutes, which is critical in minimizing the effects of a network breach.
Having the right tool for the right job is vital in network security. Having a tool that does everything poorly is much like having a Swiss Army knife. You wouldn’t want to carve a 25 lbs turkey with it. The Packet Analytics NetFlow search engine can handle the multiple terabytes of data that NetFlow generates, making it quickly searchable. Ben Uphoff noted, “Vendors’ claims that they ‘do it all’ are misleading at best. You really want the right tool for the job.”
Packet Analytics is offering a free NetFlow search engine download, which supports up to one million events per day. Anything higher incurs a licensing fee, anywhere from $1,495 for up to 3 million events per day to $18,950 for 50 million events per day.
