Understanding the differences between Net Forensics and Riverbed

NYGiantsFan
I was wondering if anyone has experience with these two tools?  If so, what would you say are the advantages and disadvantages to each?

Thanks.

Author

Commented:
Actually, let me refine the question.  The product is nFX Sim One by Netforensics and the other product is Cascade Profiler.  I am trying to figure out the differences.  

Both do log analysis.  
Exec Consultant
Distinguished Expert 2018
Commented:
Although both do log analysis, they focus on presenting different assessments. I will list out the key areas of strength in each product, and that may hopefully help in addressing your queries.

A) nFX Sim One by Netforensics
- It is more under the category of Security Information and Event Mgmt (SIEM)
- Best suited for deployments where real-time monitoring is required, esp. for incident handling, flexible reporting is needed, and modest resources exist for customisation and support, as it is software based.
- Has an extensive library of compliance reports with a compliance reporting functionality that makes it easy for all key stakeholders to report on security metrics that directly impact control objectives, e.g. the FISMA compliance framework provides a multitude of views and reports that support the SP 800-60 guidelines from the FISMA Federal Enterprise Architecture Business Reference Model SP 800-53A controls
- Has advanced threat correlation and incident response capabilities to speed identification, analysis, and mitigation of real threats to high-value business assets, e.g. Enhanced Incident Resolution Management and bi-directional communication for ticket acknowledgment status between nFX SIM One and HP OpenView ensure a smoother, more automated incident response across organizational boundaries.


B) Cascade Profiler by Riverbed
- Its core focus and research have been in the area of WAN optimisation controllers, hence for log analysis it may not reach the maturity of an experienced org such as Netforensics or even ArcSight
- No deep packet inspection, as it uses agent-less deployment, but it will require the Steelhead appliance for better "collective perceptive"
- Key is that it is more of a network and application performance analysis and visibility solution, with the capability to provide layer 7 analysis


Therefore, whatever solution you are in reality looking for, they are optimized for different use cases and one size never fits all. See this article on choosing one (in this case SIEM) - key is to know your objectives and what product fits your requirements, e.g. SIEM (compliance, proactive incident handling related) or network log analysis (e.g. key performance indicator centric reporting for benchmarking)
@ http://www.scmagazineus.com/cutting-through-siem-vendor-hype/article/119440/
