Sandstorm Enterprises® : Press Releases

NetIntercept® 2.0 RAISES THE BAR FOR NETWORK FORENSICS

Two-terabyte appliances deliver higher performance and customizable automatic operations: Sandstorm lists products on GSA and launches new Channel Partner Program

SAN FRANCISCO, CA — April 15, 2003 — Sandstorm Enterprises’ NetIntercept® 2.0, announced today, enhances both internal and external network security by providing forensic tools to IT professionals so they can efficiently analyze network traffic, identify potential security breaches, and quickly resolve network security events. The new version of NetIntercept is premiering at RSA.

By adding a two-terabyte RAID configuration for more storage space, many performance enhancements, and the ability to automate analysis, reporting, and data export, Sandstorm has delivered the solid NFAT functionality demanded by government agencies and Fortune 500 firms. The new high-end systems will capture more than 120 days’ worth of traffic on a fully loaded T1.

NetIntercept 2.0 integrates LANWatch®, Sandstorm’s network packet analyzer, with the core forensic and discovery tools available in previous versions, adding the power of an enterprise sniffer to NetIntercept’s core NFAT tools. NetIntercept also decodes more than 85 network protocols, and includes patent-pending technology to decrypt SSL and SSH streams.

NetIntercept’s full-content network monitoring and Rapid Event Analysis deliver a battery of benefits to information security professionals, including the ability to better understand network traffic and search many types of content for confidential or inappropriate data. Searchable content types include incoming and outgoing emails, word-processing documents, spreadsheets, presentation files, and instant messages. With NetIntercept 2.0, users can quickly identify security vulnerabilities and configuration problems as well as rapidly investigate security events identified by their firewall or Intrusion Detection System (IDS).

“With NetIntercept, IT professionals can detect breaches in security or corporate policy that have gone unnoticed,” said James Van Bokkelen, President of Sandstorm. “The intuitive user interface and sophisticated stream reassembly allow users to quickly investigate and analyze security events, identify unusual spikes of activity, conduct keyword searches of incoming or outgoing files and email, and reconstruct Web page visits. This information can alert an IT department to inappropriate network use, leaks of classified information, and breaches in security like Slammer and Nimda.”

The efficiency of NetIntercept’s forensics tools significantly increases productivity in today’s demanding IT environments. "Using NetIntercept, certain security events that used to take half a day to research can now be performed in as little as 15 minutes," says Preston Wood, VP Information Security for a financial services company that has deployed several NetIntercept appliances.

At the core of NetIntercept are two key components: sophisticated tools to capture, archive, and reconstruct network traffic and a flexible graphical user interface to uncover unusual, troublesome, unethical, or illegal activity. The NetIntercept appliance captures network traffic using a modified UNIX kernel and a standard Ethernet interface placed in promiscuous mode, making it undetectable and guaranteed silent on the monitored network. The data is then stored on NetIntercept’s hard disk in tcpdump-format files for analysis. Once the data is collected, a network administrator or security professional can analyze in minutes what once took a team of people several hours.

NetIntercept with Rapid Event Analysis provides information about such things as:

  • Email usage searchable by To, From, CC, and Subject Line
  • Web sites visited, complete with page reconstruction
  • Keyword search within email, DOC, XLS, PPT, RTF, chat, and several other formats
  • Full-content inspection of network traffic
  • Activity for a specific user, filename, content type, TCP/UDP Port, MAC or IP address

Pricing and Availability

The NetIntercept appliance scales to fit customer needs, with systems starting at just $8,900 for the entry-level 2U rack configuration, up to $59,900 for the new two-terabyte unit. Currently Sandstorm is shipping three models: the S95, DR300 and DRG770. The NetIntercept 2.0 systems will go into production on May 15, 2003. All NetIntercept systems include one year of support and updates.

GSA and Partner Program

Sandstorm is also announcing a channel partnership program for security and value added resellers. The new program is structured to fit various levels of participation and enables resellers of all sizes to deliver the solutions their customers are demanding. Sandstorm is actively conducting training and certification programs for reseller representatives.

"By joining Sandstorm's reseller program we're able to dramatically enhance our suite of customer solutions," says Murray Washburn, Senior Federal Sales Representative at Red River Computer Company. "Comprehensive NetIntercept training and the favorable margins combine to give us a complete Network Forensics solution to add to our security offerings."

Several resellers are already on board, including Software House International, ISecure Networks, GC Micro, Network Services, Planet Technology, Red River Computer Company and Secure Commerce Systems.

Through newly forged reseller relationships, Sandstorm’s full line of security products is now available for purchase through the U.S. General Services Administration (GSA). This allows federal employees easy access to Sandstorm’s world-class security products.

About Network Forensics Analysis

A network forensic analysis tool (NFAT) does not replace an IDS or a firewall, but works in partnership with these tools to maintain network security, preserve a long-term record of network traffic, and allow speedy and thorough analysis of identified trouble spots. With an NFAT, an analyst can go from considering which traffic is of interest to studying a detailed analysis in a few mouse clicks. For more information about NFATs: IEEE Article on Network Forensics Analysis (PDF).

About Sandstorm Enterprises®

Sandstorm Enterprises develops aggressive software products for network monitoring, network forensics analysis, and security auditing including telephone scanning, penetration testing, and vulnerability assessment. Founded in 1998, Sandstorm’s customers include Global 2000 enterprises, government agencies, and security consulting firms in over 35 countries. Sandstorm’s other products include: PhoneSweep, a patented, multi-line telephone scanner (also known as a “war dialer”), Sandtrap, a war dialer detector, and LANWatch, a packet-oriented network protocol analyzer. For more information visit

Media Contact Marketing Department
press@sandstorm.net

Sales Contact Sales Department
sales@sandstorm.net

General Contact Phone: +1 781-333-3200
Web: www.sandstorm.net


Site materials © 1998 - 2010 Sandstorm Enterprises, Inc. The Sandstorm logo®, LANWatch®, NetIntercept®, PhoneSweep®, Sandtrap®, TCP.demux™, Single Call Detect™, Tools with sharp edges®, Rapid Event Analysis™, and Sandstorm Enterprises® are all trademarks or registered trademarks of Sandstorm Enterprises, Inc.