Review: CyberGauge 7 Monitors, Pinpoints, Corrects Network Snafus

The days when users could plug in a security appliance and expect their networks to be completely protected are behind us. Today's interconnected networks require a lot more than throwing software and devices at the security issue; network managers need to know exactly what is going on in the network, where the bandwidth is being consumed and which devices are doing what and when.

Neon Software may very well have the product to meet those inquiries in the form of its CyberGauge network monitoring tool. Now in version 7, CyberGauge once again proves that it is up to snuff when it comes to identifying bandwidth usage. While previous versions of the product performed monitoring chores quite well, version 7 brings a plethora of new features, yet still makes ease of use the cornerstone of the product.

The major purpose of CyberGauge version 7 is to monitor network bandwidth usage with the intent of preventing network components from being overloaded or to pinpoint a problem early enough for a solution to be implemented. The product supports all versions of Windows, but running CyberGauge as a service requires Windows 2000 with Service Pack 4, Windows XP or Windows Server 2003.

How is network monitoring related to security? Simply put, security engineers can quickly identify zero-day events, such as hijacks, zombies or denial-of-service attacks. The product allows administrators to trend network activity from each monitored device and then use that information to build alerts. Alerts can be triggered by a number of events and are used to inform administrators in realtime what is happening on the network. For example, an FTP server can be monitored and if the traffic to that server suddenly increases, it could be because the device has been compromised. Most security products would not detect or prevent in that situation, especially if stolen credentials have been used to access the device. The same holds true for any remotely accessed device.

Because traffic is monitored based on a device's connection, the product proves useful as a tool for identifying the insider threat, in which an internal individual starts to download large amounts of proprietary information, for example, or has obtained access to a system not normally associated with their job function.

CyberGauge 7 can be configured as a Windows service under Windows 2000, XP and 2003. Running CyberGauge as a service means that any user can log into the CyberGauge system, and if the system restarts for any reason, monitoring will continue automatically. The Alert System, which is customizable, offers alert limits and other triggers. Cascading Alert Limits allow administrators to configure alerts for specific time frames.