'Google-like' tool aids network security

A Massachusetts startup's new tool turns network sessions into searchable XML documents

Network administrators and security specialists have long had tools and software for analyzing the streams of traffic that course through company systems, but now a Marlborough, Massachusetts, startup wants to make the process a lot easier.

Dejavu Technologies recently released TrafficScape, an appliance that grabs network packets and converts them into XML documents, which are then pulled into a database that is searchable through a simple, Google-like toolbar.

The company is aiming the software at average investigators who may have the instincts needed to make smart searches through reams of data, but who lack specialized technical training, according to CEO John Ricketson.

"When it gets to dealing with networks, there are a lot of low-level engineering skills required. We're trying to get tools that domain experts can use," he said. Such individuals need to "have the tool get out of [their] way."

TrafficScape can capture a wide range of protocols and document types, including email, VoIP calls, instant messages, PDFs, Internet searches, and various other forms of data, according to the company. Searches can be done in "near real time" or against a stored data set.

Users can employ simple keyword searches or construct more granular Boolean queries, such as for all network documents containing the words "aluminum," "shipment" and "Dejavu," according to a demonstration.

The tool also allows searches that employ network attributes -- information such as IP addresses and user IDs that are tied to a given conversation. Therefore, one could search for all exchanges between two particular users, in which a certain keyword or words crop up.

Conversations with many network transmissions, such as an instant messaging session, are captured and organized as a group within a single document. Even the buddy lists associated with a chat get captured, giving investigators a potentially broader view into a target's identity and associations.

Beyond ease of use, to differentiate TrafficScape in the market, Dejavu is planning to home in on Web 2.0 data, such as the various information streams that flow to and from complex social networking sites like Facebook, Ricketson said.

The next version of the product will also add automatic text transcription of VoIP calls and video streams, which will be indexed and searchable.

While Dejavu may have a couple of new twists on the formula, a range of other companies, such as PacketMotion, have been selling various types of network traffic analysis tools for some time.

Therefore, TrafficScape has to make the right strategic moves as it enters the fray, according to Forrester Research security analyst John Kindervag.

"If they are priced cheaply enough, they could get some play," he said. "I would think this type of technology is a nice to have, not a need to have. Startups tend to overestimate their value to the enterprise and price themselves out of markets from the beginning. It takes a few quarters of abject failure before they align their prices to the market."

TrafficScape is sold either as a package that includes the data-capture appliance and a hosted database that stores captured files, or as a tool that pushes the information into another search engine, chosen by the user.

Pricing is dependent on the scale of a particular customer's needs, said Ricketson, who declined to provide specifics.

Dejavu is initially focusing on government clients as well as ISPs, who could sell it as a value-add for their customers, according to Ricketson.

Many ISPs are subject to court orders to capture network traffic, but don't make any money off of it, he said. "This is a way for them to provide service back to customers and have it be a revenue generator."

Join the CSO newsletter!

Error: Please check your email address.

Tags network securityTrafficScape

More about etworkFacebookForrester ResearchGoogleMotion

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Chris Kanaracus

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place