There is an “O” in I/O …

Competitor Hype, Network Forensics, Performance, Situational Awareness

I spent a good amount of time this week speaking to customers, partners and prospects about deploying, engineering and using our products — one topic that always seems to be part of the discussion is system throughput and scalability.  Of course our position regarding this is clear, as NetWitness technology was designed from inception to support any combined throughput and can scale out as your network grows.  Inevitably the conversation dives deeply into why we say this…

For any network recording AND analysis technology there is an INPUT and an OUTPUT to consider; I think everyone knows this.

INPUT – the concept of guaranteeing packet acquisition and writing to a storage structure with no loss as fast as possible – 1Gbps, 10Gbps, 40Gbps… and so on. The vast majority of vendors out there focus on and emphasize this extensively — this may be capture acceleration, stream-to-disk, or flow/header technology in high bandwidth environments.

OUTPUT – the concept of being able to access and analyze the captured data, deeply and across days, weeks or months of data quickly, ideally in real-time.  Most vendors minimize the importance of this, and often do a poor job of providing value with data spanning more than a few hundred megabytes at a time, and rarely address true security needs.

What is never discussed or exposed in the market is that these requirements are in constant contention when acting on network data within a single physical system.  In other words, the more you are writing to a system, the less you can read. Being sensitive to this reality since the first version of our product over 10 years ago, we designed a system that optionally separates these services, and scales out on hardware to meet any deployment condition. Ultimately, providing high-speed capture, retention, and real-time access to deep analytics – true situational awareness of your network – is what NetWitness does.

Recently, I did a webcast that goes into detail about how to architect NetWitness in these environments. I invite you to take a listen; you should find that when it comes to architecture and scalability, NetWitness is one of the few in our space that can actually deliver.

Brian Girardi – Director, Product Management