Network analysis and forensics with NetDetector

NetDetector®: Comprehensive and actionable solution for securing networks

Relax! You won’t miss a thing.

Whatever the task, from forensically reconstructing network activity to getting complete situational awareness of your network, NIKSUN NetDetector Suite, with capture rates of 100 Gbps, is up to it. Simply plug it in and Know the Unknown®.

NetDetector is the world’s first packet-capture-to-disk appliance for cyber security. NetDetectorLive is the only solution that integrates packet capture, metadata generation, real-time indexing up to Layer 7, IDS (signature and anomaly), malware analytics, and a whole lot more.

NIKSUN NetDetector Suite provides in-depth and real-time forensics that go beyond firewalls and IDS/IPS systems to identify, resolve and prevent cyber attacks. It is enterprise capable, working across your network and giving you a single, unified view from end to end.

"[NetDetectorLive] literally saved billions of dollars in losses around the world." – Commissioner William Ralph Basham, Jr.


The threat of a catastrophic cyber attack is real. Insider threats, zero-day exploits, malware, advanced persistent threats (APTs), and other cyber attacks are now occurring on an unprecedented scale with extraordinary sophistication. Because security threats are becoming more damaging and difficult to foresee, forestall and recover from, it is essential to maintain continuous visibility into networks and use advanced forensic analysis to thwart attacks.


NIKSUN® NetDetector® is a full-featured appliance for network security monitoring built on NIKSUN’s award-winning NikOS architecture. It is the only security monitoring appliance that integrates signature-based IDS functionality with statistical anomaly detection, analytics and deep forensics with full-application reconstruction and packet level decodes. It is the industry’s best security monitoring and forensics appliance to safeguard against increasingly sophisticated cyber attacks. Users are informed of security breaches and attacks as they occur and can automatically initiate interdiction actions to prevent the malicious traffic from entering the network. Users can quickly answer critical questions such as how a breach occurred, what data was exfiltrated, what was compromised, who was affected, and what corrective measures need to be initiated.

Features & Benefits

  • Comprehensive Big Data security intelligence
  • A “Google-like” interface for Big Data analytics, performance, and security
  • Ingest, correlate and search a wide variety of data for indicators of compromise
  • Reconstruct applications and sessions for accurate attribution
  • Replace manual investigation processes with proactive discovery, classification and analysis of diverse applications of protocols
  • Integrated anomaly and signature IDS detection
  • Traffic capture and multi-timescale analysis on a variety of interfaces and over 100Gbps system throughput
  • Intelligent interception of malicious traffic
  • Reconstruct applications & TCP sessions for forensic analysis and evidence through context-preserving GUI tabs
  • Drill-down to packet level information for granular forensic analysis
  • Ad-hoc and scheduled reporting on multiple timescales
  • Support for lawful intercept
  • Plug-and-play device with intuitive web-based interface & Role-based Access Control (RBAC)
  • Seamless integration with NIKSUN NetOmni for network-wide monitoring

Dynamic Application Recognition and Plug-ins

NetDetector further improves modularity and scalability by using the Dynamic Application Recognition (DAR) mechanism and plug-in framework for network traffic recognition and processing. Port-based or TCP-based classification methods are insufficient to accurately identify the different types of traffic. The DAR recognition mechanism uniquely recognizes applications using signatures based on the payload as well as header information, providing the ability to identify all rogue applications and malware.

Integrated Anomaly and Signature-based IDS

NetDetector NikOS Everest 5.0 offers an integrated anomaly and signature-based IDS for fast and accurate detection of intrusions and zero-day attacks. The anomaly-based detection utilizes user-defined and threshold-based anomalies. Apart from guarding proactively against new threats, integrated detection capabilities can be used retroactively on already captured traffic to identify existing victims of cyber attacks.

Application and Session Reconstruction

The application and session reconstruction feature provides the deepest forensics with hundreds of types of metadata. A network security analyst keen on quickly parsing through terabytes of data can utilize the new GUI in NikOS Everest 5.0 for both fast reconstruction and in-depth forensics. Full reconstruction of DNS protocol exchanges comes standard in NetDetector NikOS Everest 5.0. This enables users to quickly and easily detect interactions with blacklisted DNS servers, which are often a precursor to sophisticated cyber attacks. It also provides faster tracing of occurrences of DNS spoofing or DNS Denial of Service attacks.

Unparalleled Security, Seamless Integration

OpenStack Ready
Flexible Deployment

With our award-winning NIKSUN Virtualization Solution, we can securely and seamlessly virtualize your data center to the cloud while maintaining a non-disruptive, secure and scalable infrastructure. Whether it’s onsite, offsite, or roaming security, be assured that NIKSUN has you covered!

Did you know?

NIKSUN’s Virtual Solution maximizes performance and minimizes impact on business services with total visibility across your entire network.
Reducing complexity, the NIKSUN Virtual Solution delivers unified insight from a single console to give you a holistic view anywhere, at any time.
“NIKSUN has established a foundation for their [Virtual Solution] to efficiently run on and leverage the latest features in Oracle VM to deliver superior value to customers.” – Oracle®

Technical Information

Network Interfaces Supported (Full-duplex, Half-duplex): 1GigE (copper/fiber), 10GigE (fiber) or 20/40/60/80/100GigE (fiber)

Protocols Supported: TCP, UDP, SCTP, IPv4, IPv6, fragmented IP, IEEE 802.3 (Ethernet), MPLS, VLAN (ISL, 802.1q and stacked 802.1q), DNS, ISO8583, GTP, SIP, CDMA 2000, RADIUS, Diameter and many more.

Applications Reconstructed: Several hundred, including voice, video, web, FTP file transfers, chats, email, images, NetBIOS, peer-to-peer, IRC, DNS, wireless (LTE, CDMA 2000, IMS), and desktop applications (Microsoft, Adobe, etc.).

Form Factors: A variety of 1U, 2U and 4U+ form factors are available. Internal storage scales to tens of terabytes. Unlimited external storage options are available.

Integration: Authentication – TACACS+, RADIUS, LDAP, Active Directory, and CAC. All NIKSUN products integrate with NIKSUN NetOmni™ Full Suite for enterprise-wide data aggregation, reporting and visualization.

We will be happy to advise you and look forward to hearing from you!