Review: Network analyzer churns out useful security reports

eIQnetwork's device makes sense of vast amounts of system log data

It isn't enough anymore to keep computer networks secure. Administrators must now produce reports proving that their networks are secure enough to comply with the Federal Information Security Management Act.

Fortunately, log files already contain much of the data administrators need for security compliance audits. The challenge is formatting that data into useful reports.

Network Security Analyzer Version 4.2 from eIQnetworks brings together large amounts of syslog data that would otherwise make no sense to a human. Syslog is a protocol for sending log messages from a device to a collecting server, and it has become a standard for network devices.

Once we were sure that all systems involved were processing syslog transactions, we moved on to the fun part of testing Network Security Analyzer: producing malicious events using our toolbox of quasi-hacker utilities. We started with Nmap, a time-tested utility.

First, we performed three reconnaissance-type scans designed to generate quick alerts from our Snort intrusion-detection system. The first was a ping scan simulating a hacker discovering our network's layout. Instantly, the Network Security Analyzer reported an attempted information leak and gave us the IP addresses of both our target hosts — a Red Hat Linux Web server and a Linksys broadband router.

Then we attempted port scans against each target host to determine what operating systems they used and what services were running. But the analyzer could not report that information because it can process reports only on data sent to syslog by the device being examined.

To keep things in perspective, the analyzer goes beyond packet-level details about network occurrences and correlates events that would otherwise be missed because they occur across network devices of disparate types and locations. Although the analyzer can give an impressive level of detail, provided that the details are reported to the syslog server, it does not replace the reporting functions of your firewall or intrusion-detection system.

What we like

We like the Java-based Web interface. Unlike many Web-based products, Network Security Analyzer boasts a responsive, lightweight user interface.

We applaud the tiered user access built into the product. The three tiers of access — Report User, Normal User and Administrator — ensure that the product can scale to meet even the largest enterprises' needs.

Another plus is that the management interface will integrate with its own internal user name/password database, Microsoft Windows security or a Lightweight Directory Access Protocol database.

Recommended improvements

We would like to see a way to manually create syslog decodes — utilities for translating the output of devices into usable data — for products not currently supported. Such decodes could then be shared among customers on the company's Web site.
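As an added illustration of what such a decode does (example code written for this review, not eIQnetworks' own; the sample log lines, host names and signature IDs are constructed), the snippet below parses RFC 3164-style syslog headers and applies a Snort-specific decode so that "Attempted Information Leak" alerts like the ping-scan detection described above can be tallied per targeted host:

```python
import re
from dataclasses import dataclass
from typing import Optional

# RFC 3164-style header: <PRI>Mon dd hh:mm:ss host tag[pid]: message
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# Snort's syslog alert body: [gid:sid:rev] name [Classification: x] [Priority: n] {proto} src -> dst
_SNORT = re.compile(
    r"^\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<name>.+?) "
    r"\[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
)

@dataclass
class Event:
    severity: int           # 0 (emergency) .. 7 (debug), taken from the PRI field
    host: str               # device that emitted the line
    tag: str                # program name, e.g. "snort" or "sshd"
    classification: Optional[str] = None   # filled only when a device decode applies
    src: Optional[str] = None
    dst: Optional[str] = None
    message: str = ""

def decode(line: str) -> Optional[Event]:
    """Normalize one raw line; returns None when the syslog header is missing."""
    m = _HEADER.match(line)
    if not m:
        return None
    ev = Event(int(m["pri"]) % 8, m["host"], m["tag"], message=m["msg"])
    s = _SNORT.match(m["msg"])
    if s:  # device-specific decode: Snort alerts yield a classification and endpoints
        ev.classification, ev.src, ev.dst = s["cls"], s["src"], s["dst"]
    return ev

# Constructed sample lines, not captured from any real system.
SAMPLE_LOG = """\
<33>Sep 12 14:03:21 ids1 snort[2321]: [1:469:3] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.77 -> 192.0.2.10
<33>Sep 12 14:03:21 ids1 snort[2321]: [1:469:3] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.77 -> 192.0.2.1
<38>Sep 12 14:03:25 www1 sshd[911]: Accepted publickey for admin from 192.0.2.50 port 51234 ssh2
garbage line without a syslog header
"""

def leak_targets(log: str) -> dict:
    """Count alerts classified as an information leak, keyed by the targeted host."""
    counts: dict = {}
    for line in log.splitlines():
        ev = decode(line)
        if ev and ev.classification == "Attempted Information Leak":
            counts[ev.dst] = counts.get(ev.dst, 0) + 1
    return counts
```

Lines from devices without a matching decode (the sshd line here) still yield a normalized header but no classification or endpoints, which is exactly the gap a user-written decode would fill.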

Also, it should be possible to run a single analyzer system instead of relying on a distributed model that breaks up administration duties and network load. That would centralize management and save customers money.

Greer is a network security consultant. Bishop operates Peoples, an Internet consulting firm. They can be reached at

Network Security Analyzer 4.2

(877) 564-7787

Features: ****

Performance: ****

Usability: ****

Platform support: ****

Price: ****

Price: The product starts at $895 per networked device.

Pros: Network Security Analyzer finds information on suspicious network events that would otherwise go unnoticed. It generates automated reports useful for security compliance audits. The analyzer is also easy to use.

Cons: It could use a feature to manually create decodes for network devices not currently supported.

Platforms: Network Security Analyzer can be used with any TCP network, but it requires a Web server. It is compatible with Microsoft Internet Information Server and the Apache Software Foundation's Web servers.
