Catchwire - Your Preferred Solution
Our 1GB CatchWire network probe presents a series of advantages compared to what is available in the market today and complements the existing network monitoring and analysis (NTA) solutions (e.g., Cisco Stealthwatch; Riverbed SteelCentral):
- Passively monitors the traffic crossing the network at the point of installation and creates NetFlow records for export to a collector with no impact on existing routers, switches, or firewalls.
- It can deliver 100% accurate pure (unsampled) NetFlow in V5, V9 or IPFIX formats. (Note: Generating NetFlow from routers and switches can take a significant performance toll on these critical network elements and, as a result, they are often configured to generate sampled NetFlows in order to reduce load. Sampled NetFlow data simply doesn't provide the level of detail necessary to investigate and analyze security and network events effectively - particularly when investigating short-lived events such as microbursts.)
- Reduces the load impact on the network by limiting the amount of data collected based on what is needed for security analysis, i.e., installed only in those points where there is a high risk of attack or there is a specific reason why it needs to be closely monitored.
- It is very useful when the existing network devices can’t handle the additional burden of exporting NetFlow data, or the networking staff is unwilling to provide you with direct access to NetFlow data.
- It is host, application, operating system agnostic solution.
- It is collector and analytics solution agnostic.
- The analyst has the ability to use it to “cut the line” remotely in case of an attack detected at the monitored endpoint.
- It can be configured as undetectable (i.e, no IP address), if offloading of the information is done via WiFi or cellular network.
- By design, it is very easy to use and highly capable out of the box without the need for excessive fine-tuning. There is no need to install and configure the software, e.g., port number. (Note: When used as a NetFlow exporter it does require entering the IP address of the NetFlow collector.)
- Endpoint agents require a database of signatures or daily updates, while CatchWire does not. Therefore, it is extremely “lightweight” on the network and has a minimal performance impact on endpoints. It appeals to organizations looking for improved zero-day malware protection, those looking for low-impact protection for resource-constrained platforms, and systems that are disconnected and cannot rely on regular signature updates.
- Requires no infrastructures changes (except for “breaking” the wire) which makes them an excellent choice for temporary installations (i.e., it is “mobile”).
- Can be installed in environments where deploying software agents on computers is prohibited by the security policies in place.
- Can monitor IP devices that do not support the deployment of software agents, such as VoIP devices, printers, scanners, SCADA/ICS, etc.
- Has virtually zero maintenance costs associated with it.
Click here to access our online store.