June 03, 2009, 10:15 AM — Network administrators and security specialists have long had tools and software for analyzing the streams of traffic that course through company systems, but now a Marlborough, Massachusetts, startup wants to make the process a lot easier.
Dejavu Technologies recently released TrafficScape, an appliance that grabs network packets and converts them into XML documents, which are then pulled into a database that is searchable through a simple, Google-like toolbar.
The company is aiming the software at average investigators who may have the instincts needed to make smart searches through reams of data, but who lack specialized technical training, according to CEO John Ricketson.
"When it gets to dealing with networks, there are a lot of low-level engineering skills required. We're trying to get tools that domain experts can use," he said. Such individuals need to "have the tool get out of [their] way."
TrafficScape can capture a wide range of protocols and document types, including email, VoIP calls, instant messages, PDFs, Internet searches, and various other forms of data, according to the company. Searches can be done in "near real time" or against a stored data set.
Users can employ simple keyword searches or construct more granular Boolean queries, such as for all network documents containing the words "aluminum," "shipment" and "Dejavu," according to a demonstration.
The tool also allows searches that employ network attributes -- information such as IP addresses and user IDs that are tied to a given conversation. Therefore, one could search for all exchanges between two particular users, in which a certain keyword or words crop up.
Conversations with many network transmissions, such as an instant messaging session, are captured and organized as a group within a single document. Even the buddy lists associated with a chat get captured, giving investigators a potentially broader view into a target's identity and associations.
Beyond ease of use, to differentiate TrafficScape in the market, Dejavu is planning to home in on Web 2.0 data, such as the various information streams that flow to and from complex social networking sites like Facebook, Ricketson said.
The next version of the product will also add automatic text transcription of VoIP calls and video streams, which will be indexed and searchable.
While Dejavu may have a couple of new twists on the formula, a range of other companies, such as PacketMotion, have been selling various types of network traffic analysis tools for some time.
Therefore, TrafficScape has to make the right strategic moves as it enters the fray, according to Forrester Research security analyst John Kindervag.
"If they are priced cheaply enough, they could get some play," he said. "I would think this type of technology is a nice to have, not a need to have. Startups tend to overestimate their value to the enterprise and price themselves out of markets from the beginning. It takes a few quarters of abject failure before they align their prices to the market."
TrafficScape is sold either as a package that includes the data-capture appliance and a hosted database that stores captured files, or as a tool that pushes the information into another search engine, chosen by the user.
Pricing is dependent on the scale of a particular customer's needs, said Ricketson, who declined to provide specifics.
Dejavu is initially focusing on government clients as well as ISPs, who could sell it as a value-add for their customers, according to Ricketson.
Many ISPs are subject to court orders to capture network traffic, but don't make any money off of it, he said. "This is a way for them to provide service back to customers and have it be a revenue generator."
