Decoder
How do you know what really happened on your network if you don’t have a record of it?
Can you prove definitively what communications did or did not occur on your network?
Do you want to have a higher level of assurance regarding actual specific activities on your network?

NetWitness® Decoder is the cornerstone of the NetWitness NextGen™ infrastructure and the key component of an enterprise-wide network data recording solution. Decoder is a real-time, distributed, highly configurable network recording appliance that enables users to collect, filter, and analyze full network traffic in an infinite number of dimensions.

Unlike every other network recording or monitoring product on the market, Decoder fully reassembles and globally normalizes traffic at every layer for full session analysis. The patented Decoder represents a breakthrough in network traffic monitoring that dynamically builds a complete taxonomy of data across all layers and applications, including full packets. Decoder creates a definitive foundation of Total Network Knowledge™ that can be mined in real time by the NetWitness® Investigator and Informer applications. For more advanced applications, users can leverage NextGen’s available API/SDK to build more organization-specific applications that utilize Decoder and the NextGen infrastructure. Decoder represents the intersection of network metrics, rich application flow and content information that differentiates NetWitness® products from any other capabilities on the market.

Product Features:
  • Linux-based, highly configurable, full packet capture and reassembly device
  • Modular and fully upgradeable hardware platform across entire product line
  • Indefinitely scales your collection infrastructure upon a distributed framework
  • FlexParse™ enabled for rapid, user definable parsing and modeling
  • Supports threat intelligence feeds that track BOTs, designer malware, darknets, proxies and fast flux networks, etc.
  • Protocol and application exploitation: HTTP, FTP, TFTP, TELNET, SMTP, POP3, NNTP, DNS, HTTPS, SSL, SOCKS, SSH, Vcard, PGP, SMIME, DHCP, NETBIOS, SMB/CIFS, SNMP, NFS, RIP, MSRPC, Lotus Notes®, TDS (MSSQL), TNS (Oracle®), IRC, Lotus Sametime®, MSN IM, RTP, Gnutella, Yahoo Messenger, AIM, SIP, H.323, Net2Phone®, Yahoo Chat, SCCP (Cisco® Skinny), Bittorrent, GTALK, Hotmail, Yahoo Mail, GMail, TOR, Social Networking, Fast Flux and many others.
  • FIPS (Federal Information Processing Standard) compliant SSL communications
  • Expandable SAS storage capacity & supports SAN solutions
  • Available API/SDK for custom application development
  • Software-only solutions are available for Windows® and Linux

Deployment:
Place NetWitness® Decoder(s) wherever you want to capture traffic: egress, core, facility, or segment. They can be operated continuously or tactically and ingest any network capture feed from any source. Decoders are designed to interoperate with Investigator and Informer, as well as push data to central NetWitness® Concentrators for aggregated analytical views.

NetWitness® Appliance Models:

| SKU | Interface | Storage | Rack Unit | Power | Weight |
|---|---|---|---|---|---|
| NWA 100-8D | One copper Ethernet 100/1000 for management; one capture interface, copper | 2TB Total Storage; not redundant | 1 RU; 14" (D) x 1.75" (H) x 16.8" (W) | Single; 260 (W); 120/240V | 25 lbs |
| NWA 1200-16D | Two copper Ethernet 100/1000 for management; four capture interfaces, copper | 12TB Total Storage; redundant with hotswap | 2 RU; 27.75" (D) x 3.44" (H) x 17.6" (W) | Dual Redundant; 850 (W); 120/240V autoswitch | 66 lbs |

*All appliances are UL, FCC, CE and VCCI approved & RoHS Compliant

Call 703-889-8950 or contact sales@netwitness.com for more information about NetWitness® Decoder and other NetWitness NextGen™ products.


