Concentrator & Broker
As an enterprise, can you track malicious and anomalous activity and trends across all network assets? Are there relationships between unexplained network activities across your organization? How can you continuously monitor the effectiveness of your security controls?
NetWitness® Concentrator and Broker are high performance Linux-based network appliances that extend the reach of NetWitness NextGen™ across your entire enterprise, and facilitate real-time and historical reporting and alerting. For the first time, comprehensive network and application layer detail can be aggregated and analyzed across multiple capture locations and made available to NextGen’s analytic applications, Informer and Investigator. NetWitness Concentrators aggregate clusters of NetWitness® Decoders in real-time, and NetWitness Broker provides a real-time, single, hierarchical enterprise view across your entire network. NetWitness® Live, fully integrated in the NetWitness infrastructure, provides users full content analysis of network threat intelligence from multiple, globally-distributed threat intelligence sources.
NetWitness Concentrator is designed to aggregate data hierarchically for ultimate scalability and deployment flexibility across various organization-specific network topologies and infrastructures. As a result, Concentrators can be tiered in deployments to give visibility into multiple capture locations.
NetWitness Broker also is designed to operate hierarchically; however, its function is to broker queries across an entire enterprise deployment. Broker provides a single point of access to NextGen data and is designed to operate and scale in any network environment, independent of network latency, throughput, or data volume.
Concentrator and Broker are fully compatible with all NetWitness analytical products. For more advanced applications, users can leverage NextGen’s available API/SDK to build organizational-specific applications which utilize the NetWitness NextGen™ infrastructure.