
Savvius looks to help security teams with forensic investigations

Savvius, Inc. is looking to broaden its user base for OmniPeek 10, the company’s latest major update to its software for network performance diagnostics and troubleshooting, by appealing to security teams with features to help with their investigations.

“What we’re finding is it’s just not engineers anymore that want to do packet analysis,” said Savvius director of products Jay Botelho. “We’re definitely finding a growing percentage of people in security who want to do packet analysis.” This includes those brought in on contract to conduct a specific forensic investigation, he said.

The release of OmniPeek 10 marks the first time in recent years that Savvius has taken a new spin on the software, said Botelho, as it looks to provide a combination of tools that makes it useful for security investigations as well as for its traditional networking customer base. “Security features are important to network engineers too.”

The update includes some key features that focus on the needs of security professionals, he said, as packet data software has historically been awkward and time-consuming to use in a security investigation. OmniPeek 10 is designed to help both network and security professionals access the specific data they need.

Botelho said OmniPeek 10 gives security professionals a single tool with an improved workflow for investigations, one that lets them examine particular files without working through the raw packets. “They’re not entirely comfortable with packet analysis,” he said. “They don’t want to look at packets if they don’t have to.”

Instead, the software provides more metadata to solve problems and avoids manual protocol analysis where possible. One feature that supports this is the ability to open multiple large capture files simultaneously: filtering the packet files before they are loaded and analyzed reduces the data that has to be processed and speeds up response times.

Another related feature in OmniPeek 10 is “View File Content,” which reconstructs files by extracting data from reassembled HTTP payloads to provide critical information about file content. Botelho said this enables security analysts to see exactly which files were transferred at a particular time between any users on the network; they can search reassembled packet payloads for any string, filter data by country, add as many custom decode columns as they require, and perform fast forensic searches. The streamlined user interface can now include security alerts from popular open-source IDS platforms such as Snort and Suricata.
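To make concrete what the two workflows above involve under the hood, here is an added example (not Savvius or OmniPeek code) that filters a capture before any analysis work is done, reassembles TCP segments in sequence order, carves the transferred file out of the reassembled HTTP response, and searches the reassembled payload for a string. It uses only the Python standard library; the pcap, the addresses, and the file content are constructed inline for the example, and the `keep` predicate stands in for a pre-load filter.

```python
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4  # native little-endian libpcap magic


def build_tcp_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Ethernet/IPv4/TCP frame for the constructed capture; checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def build_pcap(frames):
    """Wrap frames in a libpcap container (link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_frames(pcap):
    """Stream raw frames out of a pcap one record at a time."""
    if struct.unpack("<I", pcap[:4])[0] != PCAP_MAGIC:
        raise ValueError("only native little-endian pcap is handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack("<IIII", pcap[off:off + 16])[2]
        yield pcap[off + 16:off + 16 + incl]
        off += 16 + incl


def decode_tcp(frame):
    """Return (src, dst, sport, dport, seq, payload) for IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0]
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    tcp = frame[14 + ihl:14 + total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    return src, dst, sport, dport, seq, tcp[(tcp[12] >> 4) * 4:]


def reassemble(pcap, keep=lambda pkt: True):
    """Drop packets failing the filter *before* reassembly, then join segments by seq."""
    segments = defaultdict(dict)
    for frame in iter_frames(pcap):
        pkt = decode_tcp(frame)
        if pkt is None or not pkt[5] or not keep(pkt):
            continue
        segments[pkt[:4]][pkt[4]] = pkt[5]  # exact duplicate seq: last copy wins
    streams = {}
    for key, segs in segments.items():
        data, expected = b"", None
        for seq in sorted(segs):
            chunk = segs[seq]
            if expected is not None:
                if seq > expected:
                    break  # gap in the capture: stop rather than splice unrelated bytes
                chunk = chunk[expected - seq:]  # trim overlap from a partial retransmit
            data += chunk
            expected = max(expected or 0, seq + len(segs[seq]))
        streams[key] = data
    return streams


def extract_http_files(streams):
    """Carve HTTP/1.x response bodies; returns {stream: (headers, body, complete)}."""
    files = {}
    for key, data in streams.items():
        head, sep, body = data.partition(b"\r\n\r\n")
        if not data.startswith(b"HTTP/1.") or not sep:
            continue
        headers = {}
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode()] = value.strip().decode()
        length = int(headers.get("content-length", len(body)))
        files[key] = (headers, body[:length], len(body) >= length)
    return files


def search_streams(streams, needle):
    """Search reassembled payloads, not individual packets, so split matches are found."""
    return [key for key, data in streams.items() if needle in data]


# Constructed sample: a small fake executable served over HTTP, split across
# three segments that arrive out of order with one partial retransmission,
# plus a TLS record on port 443 that the pre-load filter must discard.
FILE_BYTES = b"MZ" + b"\x90" * 30 + b"This program cannot be run in DOS mode."
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Length: %d\r\n\r\n" % len(FILE_BYTES)) + FILE_BYTES


def sample_capture():
    srv, cli = ("10.0.0.5", 80), ("192.168.1.20", 50321)
    seg = lambda off, end: build_tcp_frame(srv[0], cli[0], srv[1], cli[1], 1000 + off, RESPONSE[off:end])
    return build_pcap([
        seg(40, 90),                                                       # arrives first
        build_tcp_frame(cli[0], "10.0.0.9", 50322, 443, 500, b"\x16\x03\x01" + b"\x00" * 20),
        seg(0, 40), seg(30, 60), seg(90, len(RESPONSE)),                   # 30-60 overlaps
    ])


def demo():
    streams = reassemble(sample_capture(), keep=lambda pkt: 80 in (pkt[2], pkt[3]))
    return streams, extract_http_files(streams)


if __name__ == "__main__":
    for key, (headers, body, complete) in demo()[1].items():
        print(f"{key[0]}:{key[2]} -> {key[1]}:{key[3]} {headers.get('content-type')} "
              f"{len(body)} bytes, complete={complete}, magic={body[:2]!r}")
```

The order of operations is the point: the port predicate runs on each packet as it is read, so nothing outside the streams of interest is ever buffered, and the string search runs over the reassembled stream rather than over packets, which is what lets a match that straddles two segments be found at all. A real investigation would swap the hand-rolled parser for tshark or scapy, but the filter-then-reassemble-then-carve sequence is the same.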

OmniPeek also works with Savvius’ appliances, notifying administrators via syslog and e-mail if an Omnipliance drive goes down or a network capture stops. “Customers are relying on our appliance to capture packet data,” Botelho said. “They expect the packets to be there.”

The updates in OmniPeek 10 are also about getting security experts and network engineers working together, he added. “The security [professional] may not be completely comfortable with this type of investigation, and it allows network people to be more helpful.”

Early this year, Savvius released version 9.1 of OmniPeek to better support real-time as well as forensic analysis.
