NetForensics, Inc. next week will announce a new version of its security information management (SIM) system that adds new risk analysis and assessment capabilities, improved scalability and an enhanced graphical interface.

NetForensics' SIM software is intended to collect security events and alerts coming from various enterprise security tools, normalize the data into a common format and correlate it such that users can more easily home in on their most serious security problems.

New with version 3.0 is a risk assessment capability that helps users quickly identify the most serious threats. The feature takes advantage of a new built-in asset management system that users employ to assign values to internal resources according to their level of importance. Each risk is then assessed according to the type of threat and the system it is targeting, says Bill Oliphant, product manager for netForensics, based in Edison, N.J.


Version 3.0 includes a knowledge base with information on 20,000 event types, which are broken down into 100 netForensics Alarm IDs. Each ID falls into one of nine categories, such as denial of service (DoS), virus/trojan and application exploit.

Each category can then be given a threat level that may vary depending on the resource under attack. For example, a DoS attack on an email server may be more worrisome than the same attack on an FTP server. Users can also flag specific IP addresses, address ranges or domains as known threats and assign them a high threat value accordingly.
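The scoring approach described above, written out as an added illustration rather than netForensics code: asset values, per-category threat levels that vary with the targeted resource's role, and a bonus for sources the operator has flagged as known threats. Host names, addresses, categories and weights are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Asset values assigned by the operator; higher means more important (constructed).
ASSET_VALUES = {
    "mail-01": {"role": "email", "value": 9},
    "ftp-01": {"role": "ftp", "value": 3},
}

# Threat level of a category, optionally varying by the targeted resource's role.
# A DoS against an email server is rated higher than the same attack on FTP.
CATEGORY_THREAT = {
    "dos": {"email": 8, "ftp": 4, "default": 5},
    "virus_trojan": {"default": 7},
    "app_exploit": {"default": 6},
}

# Address ranges the operator has flagged as known threats (constructed, RFC 5737 space).
KNOWN_THREATS = [ip_network("203.0.113.0/24")]
KNOWN_THREAT_BONUS = 5


@dataclass
class Event:
    source: str    # source IP address as a string
    target: str    # target host name, looked up in ASSET_VALUES
    category: str  # one of the CATEGORY_THREAT keys


def threat_level(category: str, role: str) -> int:
    """Threat level for a category, falling back to the category default."""
    levels = CATEGORY_THREAT[category]
    return levels.get(role, levels["default"])


def risk_score(event: Event) -> int:
    """Asset value times threat level, plus a bonus for known-threat sources."""
    asset = ASSET_VALUES.get(event.target, {"role": "unknown", "value": 1})
    score = asset["value"] * threat_level(event.category, asset["role"])
    src = ip_address(event.source)
    if any(src in net for net in KNOWN_THREATS):
        score += KNOWN_THREAT_BONUS
    return score


def rank_events(events: list[Event]) -> list[Event]:
    """Highest-risk events first, so an operator sees the worst problems at the top."""
    return sorted(events, key=risk_score, reverse=True)
```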

With version 3.0, netForensics is also employing a new architecture that improves scalability.

As in previous versions, software agents -- which sit on servers and collect event data from multiple managed devices -- normalize data into an XML format and report it up to engines, where correlation takes place. Now different engines can communicate with one another and feed data up to a master engine, which will perform further correlation. A new "provider" component supports features including authorization and configuration management, such that different console operators can be assigned varying areas of responsibility and different network views.

The netForensics console is also improved in version 3.0, Oliphant says, with new visualization capabilities that help users make sense of huge quantities of data in real time.

The company also recently signed a deal with SilentRunner, Inc. to offer its visualization software, which makes it easier to see relationships and correlations between different security events and the devices they target.

NetForensics will introduce a new pricing model with version 3.0 as well, the details of which have yet to be worked out. However, there will still be a starter package that covers 10 devices for about $50,000. The product will be available on Oct. 31.