VARs looking for the next profitable frontier in network forensics have two widely different alternatives with the partner programs and products available from two vendors. The network analysis appliances available from Firescope in Huntington Beach, Calif. and Network Physics in Mountain View, Calif. offer very divergent approaches towards better network applications intelligence.
The idea is to get beyond doing packet captures, ports and protocol decodes to view and understand applications-aware information. In the past, many network analyzers have relied on deep experience and intensive training before they could be deployed as troubleshooting tools and useful for real-time threat mitigation. Products such as Network General’s Sniffer and Ethereal were purposely difficult to use and hard to gain experience with.
Instead, both of these companies have taken to aggregating network behavior patterns and making more intelligent analysis of applications across the network that can be more readily interpreted, and more readily deployed by VARs and security consultants with less experience.
Firescope’s appliance takes more of an open source and extensible framework that other vendors can add reporting and analysis modules. The total integrated package can then be sold by the VAR. “Our idea is to concentrate on end user usability and it is very easy for our partners to demo without having to have a lot of training investment,” says Steven Cotton, the company’s CEO. “Plus, it is easy for them to see immediate value and develop a technical core competency around our product. So that enhances their margins.”
To date, Firescope has “mashed up” its appliance with tools from A10 Networks, Actuate and Airtight Networks and is moving down the alphabet to other networking companies. “The idea is to tailor our product to better analyze and troubleshoot problems affecting overall IT system health, at the same time shortening the overall sales cycle for the VAR” says Cotton. To date, they have about 20 partners.
Network Physics is going about selling its network analysis product in a completely different direction. “We know that for many products, you have to become an expert on how every protocol on the network works,” says Scott Safe, the VP of marketing and product management for the company. Their NetSensory appliance, as it is called, looks at network events and tries to bring stateful inspection to the application and network behavior.
The real difference between Firescope and Network Physics is how they engage their partners. “We put together a cross-disciplinary team from both sales and our system engineers to work with the VAR directly on their top potential opportunities.” This almost one-on-one, custom training and consulting is a good way to familiarize a VAR with their product and gets them quickly immersed into their product. “This is a lot better than the standard classroom or webinars. You can learn more from the interactive sessions with the ultimate customer,” says Safe. “It is also a great way to help them baseline their customers’ networks and open up additional sales opportunities.”
To date, they have had more than 120 VARs join their program, with half in North America and half in Europe.
“With all the streaming audio and peer-to-peer users that are out on corporate networks today, there are a lot of non-business applications that are taking up network bandwidth,” says Dwight Barker, the VP of product management for the company. “We can help people with identifying that stuff, and as an example we can show a customer all the March Madness NBA championship games that are being watched over their network.”
The choice is yours: an open platform that VARs can layer additional functionality on top, or a custom series of training to help close the sale. Either way, forensics can now be used in wider situations by VARs.