Network forensics driving new opportunities in enterprise

Security-minded channel partners may want to take a look at network forensics appliances and software, if they haven’t already. With an increase in the number of active persistent threats and a growing need for IT security professionals with experience in fighting advanced threats, network forensics tools are finding their way into enterprises more and more, and will continue to do so in the future.

Network forensics has typically been found in government departments and agencies, as well as in the intelligence community, but it is now seeing growth in the enterprise space. According to Peter Schlampp, vice president of product marketing at Solera Networks, network forensics technology like that from Solera has been used more by the government and intelligence communities in the last few years because enterprises have found their budgets constrained. Now that the economy is improving and budgets are opening up, more businesses are turning to network forensics to get visibility into their networks that they never had before.

“I think the reality that organizations are facing is they’ve bought all this security gear, whether it’s firewalls or IPS devices and all these things, but despite all that, their networks are still getting attacked, they’re still being exposed and … they don’t have the tools to be able to tell what happened, if somebody is still on the network, what was lost, and they don’t have the ability to make themselves whole again,” Schlampp said.

There are several vendors playing in the network forensics space. In Solera’s case, it provides an appliance that plugs into a company’s switch and then collects, sorts and archives all traffic on the network so network and security administrators can see exactly what is happening on their networks. In the case of threats, the software on the appliance provides them with detail on network traffic that they never had before, which allows them to deal with threats much more easily, Schlampp said.

Additionally, the appliances work with firewalls, IPS devices and other security hardware and software to provide admins with a very detailed look at network traffic.

For the channel, network forensics represents a growing opportunity not just in the hardware sale, but also in consulting services to businesses. At this point in the technology lifecycle, network forensics is still aimed mostly at the public sector, enterprises and (to a lesser extent) the midmarket. Schlampp noted that Solera doesn’t play at all in the SMB space. It should be safe to say that as the technology matures and prices decrease, it will move downstream, but for now, the majority of opportunities will be with larger businesses.

It’s a technology on which resellers can make good margin from the hardware/software sale while also earning recurring revenue from consulting and monitoring services.

“Being able to have somebody in the channel that understands network security, they can go in and say here’s all the information of data on the networks, and I can help you translate it and use it. That’s very powerful,” Schlampp said.

One way that security-centric VARs are using Solera’s appliance is plugging it into a potential customer’s network as a demo, leaving it there for a week, and then returning to show the business what exactly is going on with their network traffic. Many of them get surprises. At the very least, they find that they have more visibility into network traffic than they ever had in the past, Schlampp said.

Another key opportunity is in the cloud. According to Schlampp, many customers have asked for network forensics in the cloud so they can see what’s going on with their cloud infrastructures and services, so there’s also a growing opportunity to provide network forensics in the cloud and also offer network forensics as a cloud service.

As a startup company, Solera is still transitioning its business from all direct sales to all channel sales, but Schlampp said he expects Solera will be 100 per cent channel-driven by the end of the year. Solera is building out its US channel first, but Canada is next on its list. The company already has customers within the Canadian government. Once the US channel has been established, Solera will turn its eyes north and then outwards to international markets.