eEye Iris Network Traffic Analyzer

eEye Iris Network Traffic Analyzer Overview:

Reduce your exposure to attack. Monitor network traffic for anomalies.

The Iris Network Traffic Analyzer vulnerability forensics software provides network traffic analysis and integrated forensics reporting. Iris enables security best practices through unique protocol analysis and proven packet sniffer technology providing for a complete network forensics solution.

Network Forensics for Policy Compliance
Iris Network Traffic Analyzer vulnerability forensics solution provides network security traffic analysis and integrated forensics reporting, enabling security best practices through protocol analysis and packet sniffer technology.

• Complete Protocol Analysis - Iris traffic analyzer performs protocol analysis, providing a list of web-browsing, email, plus instant messenger sessions.
• Network Forensics - Iris network traffic analysis provides network forensics, pinpointing the existence of malicious network traffic (such as Code Red and Nimda).

Ever wonder what type of traffic is crossing your wires?

Iris traffic analyzer performs protocol analysis, providing a list of web-browsing, email, plus instant messenger sessions....more more more.

Session Reconstruction:

Most packet capture solutions and network sniffers only display raw packets and leave it to the user to decode and determine the potential problems they represent. Iris collects network traffic and reassembles it as its native session based format, enabling users to quickly and easily make business decisions based on the service it was providing. Iris users can reconstruct the actual text of an email, as well as any attachments, exactly as it was sent. It provides reconstruction of full HTML pages that an end users visited and reassemble cookies for entry into password-protected websites. Iris will even display bi-directional instant messaging communications allowing full session reconstruction as the end user sees it.

Data Capture:

The Iris Traffic Capture Engine is designed as a service oriented architecture, permitting security professionals to gather forensic information while performing other tasks in parallel. Iris is designed to capture specific data via filters based on a myriad of traffic metrics. This approach ensures that all targeted traffic is captured, regardless of whether the solution is run interactive or as a service. For capacity and service level agreement planning, Iris allows users to leverage traffic captured in one area of a network for use elsewhere, as well as for the monitoring of applications in development. Additionally, Iris allows for advanced functions such as keyword searching and protocol distribution.

Statistical Analysis:

Iris provides a large variety of statistical measurements, supplying information on protocol distribution, top hosts, packet-size distribution and bandwidth usage. By regularly analyzing how systems and applications are being used, administrators can proactively identify and eliminate issues before they can result in downtime. Iris can also provide the proof required to drive the creation and enforcement of policies related to appropriate system and application usage.

Features and Benefits:

Statistics and Reports
Iris provides DNS names and comprehensive statistical measurements for granular monitoring of session traffic. The metrics can be viewed in an assortment of graphical formats (e.g. pie charts, bar graphs, etc.) and include:

• Protocol Distribution Stats: Reports network usage based on MAC, IP and IPX layer protocols.
• Top Host Statistics: Provides and analysis of the IP Layer traffic statistics collected for each host in real time and is ordered by the most "talkative" hosts.
• Size Distribution Statistics: Displays the number of packets with sizes in six different ranges.
• Bandwidth Usage: Charts the number of packets per second and bytes per second flowing across the network in real time.
• Traffic Reports: Complete traffic data that can be viewed in a browser, saved, printed, or copied into another program.

Data Reconstruction
Iris takes raw data in packets and turns it into complete HTTP, SMTP and POP3 sessions in their original format. The following are some of the protocols Iris reconstructs:

• Outgoing and incoming email messages: The text of the message is readable as well as the subject and recipient. Iris will launch as email client to open the message, as well as any attachments, exactly as they were sent.
• Web browsing sessions: Reconstruction of HTML pages in their original format.
• Instant messenger exchanges: Iris will reconstruct all IM communications from both sides of the conversation.
• Non-encrypted web-based email

Enterprise Vulnerability Management:

Designed for a range of small business, medium business (SMB), to large enterprises, Retina Network Security Scanner is available as both a network security software solution plus a vulnerability management appliance solution.

• Centralized Vulnerability Management - Integrated vulnerability assessment, policy enforcement, policy auditing; improving enterprise network security.
• Centralized Incident Management - Prioritized vulnerability management plus client security threats and attacks; reducing security risk plus network security response.
• Enterprise Security Reporting - With integrated vulnerability, attack and policy information provided by Retina and Blink, REM provides organizations with metrics and graphical representations of their enterprise security posture.
• Executive Dashboard - Customizable reports and charts; integrated asset management, client security, risk assessment, plus vulnerability assessment.

Specifications:

Iris can handle as much traffic as your network generates, capturing logs and decoding traffic in real time. Iris requires the following minimum system requirements:

• Windows XP 32-bit (All service packs)
• Windows 2003 32-bit (All service packs)
• Windows 2000 (All service packs)
• Windows NT (SP6 or higher)
• Windows 95/98/Me (Latest service pack)
• 1.2 GHz or higher Intel Pentium II or compatible processor
• 512 MB of RAM
• 20 GB hard-disk space required for installation & logs
• Internet Explorer 4.01 with comctl32.dll v5.0+ or Internet Explorer 5.0+

Awards:

Iris has received recognition from leading technical publications and product reviewers with exceptional ratings:

Iris Screenshots:

Documentation: