Savvius Omnipeek 10 is the first version of Omnipeek that includes features designed for rapid, efficient security investigations.
What's New in Savvius Omnipeek 10.1
- Support for new T300, M200, and C100 appliances
Omnipeek now supports three new Savvius Omnipliances, industry-leading packet capture and analysis appliances, that enable real-time and post-event analytics at up to 25 Gbps.
- Simple UI for reassigning protocol analysis on non-standard ports
Protocol translation options now let you decode TCP and UDP packets on a specific non-standard port as a specific protocol. For example, you can categorize all TCP traffic on port 32000 as HTTP traffic.
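To show what such a port-to-protocol override does, and the check a practitioner wants alongside it, here is an added example in Python; it is not Omnipeek code, and the override table, the well-known port table and the payload heuristics are assumptions for illustration. It classifies a packet by consulting the override table first, then well-known ports, and flags packets whose payload does not look like the protocol the port was forced to, since an override on a busy port otherwise hides everything else that uses it.

```python
# Added example (not Omnipeek code): decode traffic on a non-standard port as a
# chosen protocol, as described for TCP/32000 -> HTTP, and flag packets whose
# payload does not look like the assigned protocol.

# Default well-known assignments (assumed, partial); overrides are consulted first.
WELL_KNOWN = {
    ("tcp", 80): "HTTP",
    ("tcp", 443): "TLS",
    ("tcp", 22): "SSH",
    ("udp", 53): "DNS",
}

HTTP_MARKERS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")


def looks_like(protocol, payload):
    """Cheap payload sanity check for a few protocols; None when no check exists."""
    if not payload:
        return None
    if protocol == "HTTP":
        return payload.startswith(HTTP_MARKERS)
    if protocol == "TLS":
        # TLS record header: content type 20..23, major version 3
        return len(payload) >= 3 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 0x03
    if protocol == "SSH":
        return payload.startswith(b"SSH-")
    return None


def classify(transport, src_port, dst_port, payload, overrides):
    """Return (protocol, mismatch).

    overrides maps (transport, port) -> protocol name, e.g. {("tcp", 32000): "HTTP"}.
    The destination port is tried first because the first packet of a flow is
    normally addressed to the server port.
    """
    transport = transport.lower()
    proto = None
    for table in (overrides, WELL_KNOWN):
        for port in (dst_port, src_port):
            proto = table.get((transport, port))
            if proto:
                break
        if proto:
            break
    if proto is None:
        return "unknown", False
    check = looks_like(proto, payload)
    # mismatch is only reported when a check exists and fails
    return proto, check is False


if __name__ == "__main__":
    rules = {("tcp", 32000): "HTTP"}
    print(classify("tcp", 51000, 32000, b"GET /index.html HTTP/1.1\r\n", rules))
    print(classify("tcp", 51000, 32000, b"\x16\x03\x01\x00\x05", rules))  # TLS on a port forced to HTTP
```

The second call returns a mismatch: the payload is a TLS record, so decoding it as HTTP would silently drop it from HTTP statistics and from HTTP file reconstruction. In practice, review the mismatch count after adding an override before trusting the per-protocol numbers.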
- New Compass views for country statistics and node grouping
Our popular Compass dashboard now allows for grouping statistics by country. Additionally, you can group nodes by node and MAC address, by node, or by MAC address.
- New Productivity and Risk rankings in application analysis
When viewing application statistics, 'Productivity' and 'Risk' columns can now be enabled and displayed inside the Applications dashboard and Application statistics table. Productivity is scored relative to the work value of an application, and risk is scored on a scale of 1 to 5, based on weighted risk factors.
- Improved forensic search performance (Capture Engine only) using file indexing
Under certain conditions, forensic search performance can be significantly improved by enabling packet file indexing when capturing packets and by using software filters when performing forensic searches.
- Unlimited use of Omnipeek Remote Assistant (ORA) in Omnipeek Enterprise
Unlimited use of ORA is now a standard feature in Omnipeek Enterprise. ORA allows remote users to easily collect critical network data needed for troubleshooting network problems. The network data (also known as 'captures') is fully encrypted and can only be accessed by the analyst requesting the data. Once the data has been collected and stored locally on the computer running ORA, the files can be transferred to the analyst for further investigation using Omnipeek Enterprise.
What's New in Savvius Omnipeek 10
- View File Content
Since information about file content is critical to most security investigations, Omnipeek® 10 reconstructs files by extracting data from reassembled HTTP payloads. This reconstruction, performed automatically when a packet file is opened, includes a thumbnail representation of each file in a new Files view.
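The reconstruction described above starts from a reassembled HTTP stream: the response headers say how long the body is (Content-Length, or a chunked encoding that has to be decoded), and the body's leading bytes say what the file really is, whatever the Content-Type header claims. The following is an added Python example, not Omnipeek code, that carves files from a constructed server-to-client stream; the magic-byte table and the "suspicious" rule are assumptions for illustration.

```python
# Added example (not Omnipeek code): carve files out of a reassembled HTTP
# response stream, handling Content-Length and chunked bodies, and identify
# each file from its magic bytes rather than from the declared Content-Type.
import hashlib

# Assumed, partial magic-byte table
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
    b"\x7fELF": "elf",
    b"MZ": "exe",
    b"GIF8": "gif",
    b"\xff\xd8\xff": "jpg",
}


def sniff_type(data):
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "bin"


def _dechunk(stream, pos):
    """Decode a chunked body starting at pos; return (body, position after it)."""
    out = bytearray()
    while True:
        end = stream.index(b"\r\n", pos)
        size = int(stream[pos:end].split(b";")[0], 16)  # ignore chunk extensions
        pos = end + 2
        if size == 0:
            while stream[pos:pos + 2] != b"\r\n":  # skip any trailer lines
                pos = stream.index(b"\r\n", pos) + 2
            return bytes(out), pos + 2
        out += stream[pos:pos + size]
        pos += size + 2  # skip the chunk's trailing CRLF


def parse_responses(stream):
    """Return one record per HTTP response found in a reassembled server->client stream."""
    files, pos = [], 0
    while pos < len(stream):
        hdr_end = stream.index(b"\r\n\r\n", pos)
        lines = stream[pos:hdr_end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = hdr_end + 4
        if headers.get("transfer-encoding", "").lower() == "chunked":
            body, pos = _dechunk(stream, body_start)
        elif "content-length" in headers:
            length = int(headers["content-length"])
            body = stream[body_start:body_start + length]
            pos = body_start + length
        else:
            body = stream[body_start:]  # delimited by connection close
            pos = len(stream)
        files.append({
            "status": lines[0],
            "content_type": headers.get("content-type", ""),
            "type": sniff_type(body),
            "size": len(body),
            "sha256": hashlib.sha256(body).hexdigest(),
            "data": body,
        })
    return files


def suspicious(files):
    """Executables served under a non-application Content-Type (assumed rule)."""
    return [f for f in files
            if f["type"] in ("exe", "elf") and not f["content_type"].startswith("application/")]


# Constructed sample stream: a truncated PNG sent chunked, then a PE header
# served as text/plain with a Content-Length.
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
SAMPLE_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\n\r\n"
    + b"a\r\n" + PNG_HEAD[:10] + b"\r\n" + b"6\r\n" + PNG_HEAD[10:] + b"\r\n" + b"0\r\n\r\n"
    + b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 12\r\n\r\n"
    + b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"
)

if __name__ == "__main__":
    for f in parse_responses(SAMPLE_STREAM):
        print(f["status"], f["content_type"], f["type"], f["size"], f["sha256"][:16])
```

The second response is the case worth a thumbnail and a closer look: the server labels it text/plain, but the body begins with an MZ header. Trusting Content-Type alone would file it as text.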
- Investigation Overview
The new Overview graph overlays summary-level information regarding the entire packet file under analysis. This information, displayed on every Omnipeek view, provides context for the current analysis and enables a rapid transition to any time segment.
- Savvius Omnipliance Status Notifications
Savvius Omnipliance® performs 24x7 analysis and troubleshooting for mission critical enterprise networks. When a drive goes down, or a network capture stops, Omnipeek 10 immediately notifies the administrator via syslog and/or email.
- Security Events from Snort and Suricata
Security analysts need packet data when investigating security alerts, whether in near-real time or months later. Omnipeek 10 imports the analytical results from two popular open source security analysis tools, Snort® and Suricata, and overlays the resulting security alerts on the packet data for immediate, detailed analysis of any suspected breaches.
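What that overlay amounts to is a join: each alert carries a timestamp and a 5-tuple, and the packets that belong to it are the ones of the same flow, in either direction, inside a time window around the alert. The following is an added Python example, not Omnipeek code, that reads Suricata EVE JSON alert records and attaches the matching packets; the EVE lines and the packet table are constructed, the signature IDs and names are made up for the example, and the window sizes are assumptions.

```python
# Added example (not Omnipeek code): overlay Suricata EVE JSON alerts on captured
# packets by matching the direction-independent 5-tuple within a time window.
import json
from datetime import datetime, timedelta

# Constructed EVE JSON lines; field names follow Suricata's eve.json layout,
# the signature IDs and texts are invented for this example.
EVE_LINES = """
{"timestamp":"2024-05-01T12:00:01.250000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL constructed HTTP response marker","severity":2}}
{"timestamp":"2024-05-01T12:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP"}
{"timestamp":"2024-05-01T12:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.9","src_port":40000,"dest_ip":"198.51.100.2","dest_port":53,"proto":"UDP","alert":{"signature_id":9000002,"signature":"LOCAL constructed DNS query marker","severity":3}}
""".strip()

# Constructed packet index, as a capture file's packet list might be summarised.
PACKETS = [
    {"ts": "2024-05-01T12:00:01.100000+0000", "src": "10.0.0.5", "sport": 51234, "dst": "203.0.113.7", "dport": 80, "proto": "TCP", "len": 74},
    {"ts": "2024-05-01T12:00:01.240000+0000", "src": "203.0.113.7", "sport": 80, "dst": "10.0.0.5", "dport": 51234, "proto": "TCP", "len": 1500},
    {"ts": "2024-05-01T12:00:09.000000+0000", "src": "10.0.0.5", "sport": 51234, "dst": "203.0.113.7", "dport": 80, "proto": "TCP", "len": 60},
    {"ts": "2024-05-01T12:00:04.900000+0000", "src": "10.0.0.9", "sport": 40000, "dst": "198.51.100.2", "dport": 53, "proto": "UDP", "len": 80},
    {"ts": "2024-05-01T12:00:30.000000+0000", "src": "10.0.0.9", "sport": 40001, "dst": "198.51.100.2", "dport": 53, "proto": "UDP", "len": 80},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%f%z")


def flow_key(src, sport, dst, dport, proto):
    """Direction-independent 5-tuple so both halves of a conversation match."""
    ends = sorted([(src, sport), (dst, dport)])
    return (proto.upper(), ends[0], ends[1])


def load_alerts(eve_text):
    """Keep only event_type == "alert" records from an EVE JSON text."""
    alerts = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") == "alert":
            alerts.append(rec)
    return alerts


def overlay(alerts, packets, before=timedelta(seconds=2), after=timedelta(seconds=5)):
    """For each alert, list the indices of packets on the same flow within the window.

    The window (assumed here: 2 s before, 5 s after) is deliberately asymmetric:
    a signature fires on a packet, so the trigger itself is at or just before the
    alert timestamp, while the response and any follow-on traffic come after it.
    """
    results = []
    for a in alerts:
        t = parse_ts(a["timestamp"])
        key = flow_key(a["src_ip"], a["src_port"], a["dest_ip"], a["dest_port"], a["proto"])
        hits = [i for i, p in enumerate(packets)
                if flow_key(p["src"], p["sport"], p["dst"], p["dport"], p["proto"]) == key
                and t - before <= parse_ts(p["ts"]) <= t + after]
        results.append({
            "sid": a["alert"]["signature_id"],
            "signature": a["alert"]["signature"],
            "severity": a["alert"]["severity"],
            "packets": hits,
        })
    return results


if __name__ == "__main__":
    for r in overlay(load_alerts(EVE_LINES), PACKETS):
        print(r["sid"], r["severity"], r["signature"], "->", r["packets"])
```

Packet 2 belongs to the first flow but falls outside the window, and packet 4 sits inside the second alert's window but on a different source port, so neither is attached. When the capture and the sensor keep time independently, widen the window or correct for the measured offset before trusting an empty match.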
- Customize Packet Decode Views
Network troubleshooting takes many different forms depending on the problem, sometimes requiring analysis of uncommon elements not offered in standard views. Omnipeek 10 lets you create custom packet decode columns from any field within a packet, making it easy to find and compare packets that contain the specific elements under investigation.
- Filter Files to Maximize Computing Bandwidth
As networks get faster, packet captures get bigger. Opening these large packet files, or even multiple packet files, can be challenging on computers with limited resources. Filtering packet files for only the information needed, like a specific IP address and/or port range, before loading the packets significantly increases analysis performance.
- Faster Forensic Searches
Omnipeek 10 significantly increases the speed at which packet data can be retrieved from disk, making post-capture analysis much more efficient.