REVIEWED AT: PC Expo 2004
The threat of employees misusing company data is just as real as the threat of a hacker outside the firewall. That reality has lead to the introduction of many products that monitor network traffic to secure evidence of misdeeds. Iris, eEye Digital Security's newest network security product, is an advanced data and network traffic analyzer that stores, organizes and reports all traffic on the network.
The sniffer needs to be installed on a system high in the network structure to a hub with a managed port, after a main switch or close to the main gateway. If going through a switch, a hub must be present as a go-between. The product recreates user's Web sessions and displays in HTML, packet or ASCII format. Filters can be setup to display customized information. Administrators are able to monitor traffic based on a specific IP address, MAC address, and even a specific word. The filters can monitor Web-browsing patterns and determine what their employees are actually doing.
The software uses advanced proprietary features that reconstruct packets, perform packet manipulation, forging, log sniffed packets, log reconstructed packets and log network wide foreign connection attempts. The filters employed can filter by hardware layer, protocol layer, MAC address, and IP address, port and even by key word.
The process of monitoring both incoming and outgoing traffic allows Iris to capture and retrace the steps of any network user. Its features are revolutionary and allow IT administrators to proactively monitor the network. Iris also allows the detection and complete documentation of an intrusion from outside the firewall.
Although the product gives a wide range of filtering options, filtering based on protocol, IP address and key word were the most effective. A good example is the HTTP filter that was created to monitor port 80 traffic. It retrieved sites that were popular among monitored users and gave the administrator reason to investigate the site and decide on whether it was counter productive. The statistics that are generated can be used to prepare impressive report for upper management.
Iris's guard feature works in conjunction with the filters that are configured by the user. It monitors the guarded port for any TCP/IP activity that matches a specific connection sequence. Iris then alerts the administrator of the connection attempt. An audible alarm can also be configured. The product gives IT staff the convenience of filtering which allows them to focus on only the relevant data.
The documentation is available on the installation CD as a PDF. It is informative and gives a nice overview of Iris's feature and an appendix that gives a brush up on networking basics and an introduction to TCP/IP. A handy CPU usage meter on the bottom of the screen allows the administrator to see the load of the system.
With so much happening at once, Iris provides a clean looking GUI that allows for multiple processes and switching between tasks.
PRODUCT NAME: Iris
All trademarks are property of their respective owners or holders. Information subject to change without notice
Copyright © 2000 - 2015 AMT Software. All rights reserved.