NetFort 12.4 – Network Traffic and Security Monitoring
New Version of NetFort LANGuardian Provides Customers with a Single Point of Reference for Network Traffic and Security Monitoring.
NetFort, a leading provider of network traffic and security monitoring (NTSM) solutions, today unveiled version 12.4 of the LANGuardian application. The new version gives network teams the visibility they need to collaborate with their security colleagues and manage the daily security issues prevalent in today’s world.
Version 12.4 includes a number of significant changes:
- SMTP Email Decoder Enhancements
- HTTPS Website Use Reporting
- Updated BitTorrent Decoder
- Snort 2.9
- SYSLOG Forwarding Feature
SMTP Email Decoder Enhancements
The SMTP decoder is a great feature from a network security monitoring point of view. It is a powerful tool if you want to monitor email for phishing-type network attacks. Malicious attachments have made a comeback as a top attack vector. An interesting post on this here. The SMTP decoder has been upgraded to record the following information:
- Attachments to SMTP emails, including attachment name, MIME type and description. A sample report is shown below; some information is blurred as it came from a live network.
- Embedded hyperlink detection in emails. This is a beta release for evaluation. Where an SMTP email contains a hyperlink, but the link target doesn’t seem to match the description, LANGuardian will log the link target and the description.
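The link-target check described in the last item, as an added example (not LANGuardian's code; the page does not describe its matching logic): a Python heuristic that flags anchors in an HTML email body whose visible text names a host different from the one in `href`. The function names and the sample HTML are constructed for illustration.

```python
# Added example: flag HTML anchors whose description names a different host than the href.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A URL or bare hostname inside the visible link text (heuristic; "invoice.pdf" also matches).
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def strip_www(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def host_of(url):
    """Hostname of an http(s) URL without a leading 'www.', or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return strip_www(parts.hostname)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        desc = " ".join("".join(self.text).split())
        target, shown = host_of(self.href), HOST_IN_TEXT.search(desc)
        if target and shown:
            shown = strip_www(shown.group(1))
            # Accept the shown host itself or one of its subdomains; log anything else.
            if target != shown and not target.endswith("." + shown):
                self.findings.append((desc, self.href))
        self.href = None

def mismatched_links(html_body):
    """Return (description, link target) pairs where the two disagree."""
    audit = LinkAudit()
    audit.feed(html_body)
    audit.close()
    return audit.findings

SAMPLE = (  # constructed HTML body, not taken from a real message
    '<a href="http://login.example.net/a">www.example.com/account</a>'
    '<a href="https://mail.example.com/">example.com</a><a href="https://example.org/">Click here</a>')
```

Only the first anchor in `SAMPLE` is reported: the second points at a subdomain of the host it displays, and the third has no host in its description to compare against.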
HTTPS Website Use Reporting
The website monitoring module has been upgraded to report on HTTPS domains. Domain information (such as https://facebook.com) and traffic volumes are recorded. As packet payloads are encrypted, individual URIs cannot be reported.
Updated BitTorrent Decoder
BitTorrent continues to be a popular protocol for downloading and uploading media from the Internet. LANGuardian has the ability to detect BitTorrent use and record metadata such as Infohash values and IP addresses. In 12.4 the BitTorrent decoder has been upgraded to record Peer Exchange messages (PEX). This increases the detection rate for BitTorrent activity and will record media titles, if included in the PEX message.
Snort 2.9
Snort is a network-based intrusion detection system (NIDS) that can perform real-time traffic analysis and packet logging. Snort performs protocol analysis, content searching and matching. LANGuardian 12.4 now includes Snort version 2.9.7. This allows LANGuardian to take advantage of new keywords supported in IDS signatures for Snort 2.9, distributed from the ET Open project.
SYSLOG Forwarding Feature
Many customers choose LANGuardian because it can integrate with existing tools like SolarWinds, McAfee or WhatsUp. Version 12.4 extends this functionality with a new configuration page to manage the forwarding of events to external syslog collector (SIEM) systems.
This means you end up with a centralized dashboard for all network activity or, as one customer described it, a “single point of reference for network and user activity monitoring and first stop in troubleshooting any issues”.