NetWitness Decoder
- How do you know what really happened on your network if you don’t have a record of it?
- Can you prove definitively what communications did or did not occur on your network?
- Do you want to have a higher level of assurance regarding actual specific activities on your network?
- NetWitness® Decoder is the cornerstone of the NetWitness NextGen™ infrastructure and the key component of an enterprise-wide network data recording solution.
- Decoder is a real-time, distributed, highly configurable network recording appliance that enables users to collect, filter, and analyse full network traffic in an infinite number of dimensions.
- Unlike every other network recording or monitoring product on the market, Decoder fully reassembles and globally normalises traffic at every layer for full session analysis.
- The patented Decoder represents a breakthrough in network traffic monitoring that dynamically builds a complete taxonomy of data across all layers and applications, including full packets.
- Decoder creates a definitive foundation of Total Network Knowledge™ that can be mined in real-time by the NetWitness® Investigator Enterprise and Informer applications.
- NetWitness Decoder now also includes NetWitness® Live, which provides you with access to multi-source threat intelligence.
- For more advanced applications, users can leverage NextGen’s available API/SDK to build more organisation-specific applications which utilise Decoder and the NextGen infrastructure.
- Decoder represents the intersection of network metrics, rich application flow and content information that differentiates NetWitness® products from any other capabilities on the market.
Now Available in a Portable Version!
- NetWitness has now introduced NetWitness® NextGen Eagle, a portable and compact version of the NetWitness® Decoder.
- NextGen Eagle broadens NetWitness’ capabilities from fixed network infrastructure devices to include a compact, mobile monitoring system to support law enforcement, incident responders, auditors, intelligence, and consulting staff for field-duty scenarios.
- Unlike other portable vendor offerings, NextGen Eagle also supports WiFi monitoring with an exceptional depth of analysis.
Product Features
- Supports 10G infrastructures
- Supports NetWitness® Live
- Linux-based, highly configurable, full packet capture and reassembly device
- Modular and fully upgradeable hardware platform across entire product line
- Indefinitely scales your collection infrastructure upon a distributed, highly manageable, real-time framework
- FlexParse™ enabled for rapid, user definable parsing and modeling
- Supports threat intelligence feeds that track BOTs, designer malware, darknets, proxies and fast flux networks, etc.
- Protocol and application exploitation: HTTP, FTP, TFTP, TELNET, SMTP, POP3, NNTP, DNS, HTTPS, SSL, SOCKS, SSH, Vcard, PGP, SMIME, DHCP, NETBIOS, SMB/CIFS, SNMP, NFS, RIP, MSRPC, Lotus Notes®, TDS (MSSQL), TNS (Oracle®), IRC, Lotus Sametime®, MSN IM, RTP, Gnutella, Yahoo Messenger, AIM, SIP, H.323, Net2Phone®, Yahoo Chat, SCCP (Cisco® Skinny), Bittorrent, GTALK, Hotmail, Yahoo Mail, GMail, TOR, Social Networking, Fast Flux and many others.
- Expandable SAS storage capacity & supports SAN solutions
- Available API/SDK for custom application development
- Supports NetWitness Identity for correlating users to network traffic
- Supports RSA SecurID and LDAP authentication
Deployment
- Place NetWitness® Decoder(s) wherever you want to capture traffic: egress, core, facility, or segment.
- They can be operated continuously or tactically and ingest any network capture feed from any source.
- Decoders are designed to interoperate with Investigator Enterprise and Informer, as well as push data to central NetWitness® Concentrators for aggregated analytical views.
- Training Available