NetMon is available as an appliance or a virtual machine within your network. You can add it to New-Scale or LogRhythm SIEM deployments.
NetMon
Monitor your organization’s network traffic and gain real-time visibility into your LogRhythm or New-Scale Security Operations Platform deployment.
Request a Demo Read the Data Sheet4700+
applications with True Application Identification
10Gb/s
network inspection speeds
2.5Gb/s
network capture speed
NETWORK VISIBILITY
Identify Suspicious Activity Quickly
NetMon identifies and categorizes traffic from nearly 5,000 applications using True Application Identification advanced classification and deep packet inspection.
- Packet metadata captured from every session
- Layer 3–7 packet capture in industry-standard PCAP format
- REST API support for custom integrations and automation
RISK MONITORING
Automate Threat Detection
Use ready-made rules or tailor Deep Packet Analytics (DPA) scripts to your environment. Saved searches, automated alerts, and customizable dashboards help you stay ahead of issues, while SmartCapture™ preserves the packet details you need for accurate investigations.
POWERFUL SEARCH CAPABILITIES
Accelerate Investigations
Search across packet and flow data to surface what you need faster. Rebuild email attachments for malware analysis and monitor for data movement that could indicate risk.
UNDERSTAND YOUR NETWORK ACTIVITY
Apply Deep Packet Analytics
DPA builds on the NetMon Deep Packet Inspection (DPI) engine to interpret traffic at scale, including detection of PII, credit card information, port and protocol mismatches, and other indicators of compromise.
How can we help? Talk to an expert.
Contact UsFrequently Asked Questions
How is NetMon deployed?
Is NetMon fully integrated with Exabeam?
Yes. NetMon acts as a log source for LogRhythm SIEM and New-Scale deployments, analyzing traffic and extracting key attributes such as application, IP addresses, and traffic volume. LogRhythm SIEM can access PCAPs directly from NetMon for faster response. New-Scale Platform users can incorporate NetMon data into the platform interface, with a dedicated NetMon interface available for deeper visualization.
What is Deep Packet Analytics (DPA)?
DPA expands on DPI to provide detailed visibility into network traffic, identifying sensitive data, protocol anomalies, and other signs of inappropriate movement. It continuously correlates packet payloads and metadata using prebuilt or custom rules, allowing you to automate detection previously limited to manual packet review.
What is Deep Packet Inspection (DPI)?
The DPI engine identifies and categorizes thousands of applications and populates thousands of metadata fields. It extracts Layer 3-7 data using pattern matching, heuristic modeling, and signature-based methods.
What is SmartCapture?
SmartCapture automatically captures sessions based on application attributes or packet content. This targeted capture reduces storage needs while preserving the information required for effective investigations.
“With NetMon, we’ve materially improved our defense, detection and response capabilities for multiple secure data environments.”
-
-
Erin Osminer
Network Engineer | StoneRiver
Learn More About Exabeam
Learn about the Exabeam platform and expand your knowledge of information security with our collection of white papers, podcasts, webinars, and more.
See Exabeam in Action
Request more information or request a demo of the industry’s most powerful platforms for threat detection, investigation, and response (TDIR).
Learn more:
- If self-hosted or cloud-native SIEM is right for you
- How to ingest and monitor data at cloud scale
- How monitoring and analyzing AI and automated agent behavior uncovers risky non-human activity
- How to automatically score and profile user activity
- See the complete picture using incident timelines
- Why playbooks help make the next right decision
- Support compliance mandates
Award-Winning Leaders in Security
