Review: CyberGauge 7 Monitors, Pinpoints, Corrects Network Snafus
Neon Software may very well have the product to meet those inquiries in the form of its CyberGauge network monitoring tool. Now in version 7, CyberGauge once again proves that it is up to snuff when it comes to identifying bandwidth usage. While previous versions of the product performed monitoring chores quite well, version 7 brings a plethora of new features, yet still makes ease of use the cornerstone of the product.
The major purpose of CyberGauge version 7 is to monitor network bandwidth usage with the intent of preventing network components from being overloaded or to pinpoint a problem early enough for a solution to be implemented. The product supports all versions of Windows, but running CyberGauge as a service requires Windows 2000 with Service Pack 4, Windows XP or Windows Server 2003.
How is network monitoring related to security? Simply put, security engineers can quickly identify zero-day events, such as hijacks, zombies or denial-of-service attacks. The product allows administrators to trend network activity from each monitored device and then use that information to build alerts. Alerts can be triggered by a number of events and are used to inform administrators in realtime what is happening on the network. For example, an FTP server can be monitored and if the traffic to that server suddenly increases, it could be because the device has been compromised. Most security products would not detect or prevent in that situation, especially if stolen credentials have been used to access the device. The same holds true for any remotely accessed device.
Because traffic is monitored based on a device's connection, the product proves useful as a tool for identifying the insider threat, in which an internal individual starts to download large amounts of proprietary information, for example, or has obtained access to a system not normally associated with their job function.
CyberGauge 7 can be configured as a Windows service under Windows 2000, XP and 2003. Running CyberGauge as a service means that any user can log into the CyberGauge system, and if the system restarts for any reason, monitoring will continue automatically. The Alert System, which is customizable, offers alert limits and other triggers. Cascading Alert Limits allow administrators to configure alerts for specific time frames.
Alerts can be set to notify specific personnel depending on the time of day, day of the week or other criteria. For instance, an alert will be sent if bandwidth usage falls below specified levels during the workday, but no alert will be sent if the same situation occurs at night. Alerts also can launch an application file or play a sound when an alert condition is met. CyberGauge also offers instant reports for any monitored interface and time period. That provides an early warning of a potential problem before users even notice anything is wrong.
In addition to monitoring network bandwidth, CyberGauge creates realtime bandwidth usage graphs; daily, weekly and monthly quality of service (QoS) updates; and billing reports in Microsoft Excel spreadsheet format. The tool automatically dates and time-stamps these reports. The reports focus on uptime, total utilization, traffic distribution and percentage billing information. They contain JPEG images and utilization graphs and can be generated in HTML and text formats. To help eliminate confusion, CyberGauge also can combineor bondnetwork interfaces to form a single virtual interface.
QoS is becoming even more important with the introduction of streaming video, VoIP and other session-driven communications. That is another area where CyberGauge proves to be a valuable ally.
CyberGauge works with any SNMP-based device, including routers, switches and servers. Compatible devices must support SNMP MIB II, and administrators must log on to each device separately. New devices are easily added by clicking on the Add Device button in the CyberGauge management window. Version 7 adds SNMPv2 and SNMPv3 capabilities, along with the ability to export graphs to JPEG files to the product's bandoleer of capabilities. Administrators will find features such as event logs, syslog alerts, low bandwidth alerts simple to use and well-documented.
Installation of the product consists of little more than using an installation wizard. Once installed, the product offers a straightforward interface to locate devices and their network interfaces by IP address. Once a device is located, users then can set up the type of SNMP monitoring to use and label the devices.
While using IP addresses is a simple way of locating devices, an auto-discovery wizard that scans a subnet would be a welcome addition to the product. That feature would enable a solution provider to drop a notebook into a network to quickly diagnose bandwidth issues.
Neon Software's two-level channel program provides average margins of 30 percent. Pre- and post-sales support is provided, including joint customer calls, product documentation and marketing materials. Technical training is available by telephone and over the Web. Technical support is available for resellers via a toll-free number between 9 a.m. and 5 p.m. PST.
Partners have access to demo software and the company will drop-ship products directly to end customers if partners desire. Partners also can resell Neon Software products on their own Web sites after setting up an agreement with the company.