TechJournal South

NetWitness brings network security from the intelligence community to you

February 9th, 2009

By Allan Maurer

HERNDON, VA—NetWitness, originally developed for the U.S. Intelligence community, has evolved to provide enterprises with a breakthrough method of network content and risk analysis. “We provide a way to drill down to exactly what happened in a network and see a forensics trail that gives you the insight you need to find needles in a haystack,” says NetWitness President Nick Lantuh.

“I was asked to come in and take a look at this network monitoring technology they had been working on,” Lantuh tells TechJournal South. “They wanted to know if it had any legs beyond its core intelligence community customers.”

And indeed, it did.

Amit Yoran led a management buyout of the product from ManTech in 2006 and serves as the Chairman and CEO. The company raised an $11.5 million first round. Lantuh says the company may seek additional funding to expand in its market space or open new vertical markets, but adds, “Fortunately, we flipped over into profitability in the second half of 2008.”

The company has 50 employees and is doing some hiring in select areas.

NetWitness is a presenting company at the third annual Southeast Venture Conference March 11-12th, 2009 at the Intercontinental Buckhead in Atlanta, Georgia. (See: www.seventure.org).

“These events give you a chance to spread your company’s message to a broad audience,” says Lantuh. “There is also value in seeing what else is out there in venture technology and specific industries, as well as great networking for a company or individuals.”

NetWitness today has about 90 customers that include Defense, national law enforcement and intelligence agencies, top 10 U.S. banks, critical infrastructure, and Fortune 1000 organizations.

NetWitness Investigator is deployed at some of the largest government and financial institutions in the world to detect and help stop nation-sponsored and organized criminal techniques. It is also used to monitor insider threats such as rogue users and to verify operational regulatory compliance.

“We have an enterprise class product that examines communications over any channels an organization has,” says Lantuh. “It ties together all the pieces and shows the links of all the communications and components to provide really deep visibility of network traffic. So we’re standing over the shoulder of the bad guys.”

Also, he adds, “It provides infinite clarity to incident response and security teams, saving lots of time and money along the way.”

Previously, security teams had to examine network packet information manually, which can be daunting, since that means looking at anywhere from thousands to billions of packets. Although tools are available, few are comprehensive, Lantuh notes.

“What used to take an exorbitant amount of man-hours and bodies, would still only get you 70 percent of the way there,” says Lantuh.

“We look for bad things leaving the network, such as social security numbers or account information. We see malware and complex advanced attacks from the outside in. The product has the ability to look from the application layer down to the network and show a complete picture and provide proactive alerts when abnormal things are happening.”

A large bank using NetWitness discovered that even though they had “all the security products you could imagine,” a Russian business was found spending time on their network, says Lantuh. “A large government agency said a single NetWitness box on their network was responsible for 60 percent of the kills they saw.”

The company sells the product on a perpetual license model with annual maintenance. It deploys the software solely on appliances it sells to an enterprise with its software loaded. It costs roughly from $50,000 to $60,000 per appliance, Lantuh says.

A free version of its award-winning NetWitness Investigator is available online (at http://download.netwitness.com).

“The free solution captures and inspects traffic, identifies problems, and can quickly analyze the most advanced network threats – it’s the most powerful insight available and very simple to use,” according to Tim Belcher, CTO of NetWitness.

“Today, many organizations have been lulled into a false sense of security because they can’t actually see many of the more sophisticated attacks against their infrastructure,” Belcher said when the free version was released.

Belcher conducts a set of video tutorials on YouTube that provide an excellent introduction to exactly how the product works and how to use it.

http://www.youtube.com/watch?v=QDxTPYn2O2g


© 2009, TechJournal South. All rights reserved.
