Intrusion has released Savant, a new class of data mining and network analysis device, which it claims encompasses all the traditional network performance monitoring, security surveillance and forensic analysis.
The company said that the 20Gbps technology simultaneously provides protocol decodes, data analysis and near-100% packet capture.
According to Intrusion, the Savant adds new features such as social network and bot network mapping; content and context analysis of content flows; history and nature of relationships; communications-based relationships; mapping protocol-specific personal IDs to humans and their machines; and communicants (humans/code/bots).
Savant extends beyond NetFlow, sFlow and J-Flow by adding full details beyond IP connections and counts; improves protocols by providing selected data element extraction; TCP sessions to humans and machines; and augments packet decoding with statistical information including counts, first time seen, last time seen and time-based histograms, the company claims.
Intrusion said that the Savant’s Accumulator supports data accretion rates of 400 million items per second and provides users tracking and instrumentation of email, chat, DNS, VoIP, socket API calls, SQL, or any collation on protocols. It can be used to discover infected hosts on DoD contractor networks and to discover other illegal activities previously unknown to the analyst.
Ben Bittle, VP of marketing and product development at Intrusion, said: “Savant’s ability to capture approximately 100% of the content of a given application and seamlessly import the collected content into a plurality of third-party applications has led to many eye-opening discoveries. Social networking relationships that would have been previously overlooked or unknown are now easily displayed and understood by the organisation.”