Mazu Profiler is a Network Behavior Analysis (NBA) engine; a hardware appliance with the ability to examine a network's existing activity and interactions and alert appropriate personnel when "meaningful" deviations to typical activities occur; such as traffic spikes or the introduction of new devices or applications onto the network. Additionally, the product can be used as a forensic tool for network and/or security administrators; providing as it does views into both real-time and historical metrics for network activities. The vendor states that their analysis engine reaches into users, applications, hosts, and devices; enabling admins to know what behavior is typical for each such entity as well as notifying them as to changes in that typical behavior.

Mazu Profiler is an agentless platform, collecting its data via Flow analysis (NetFlow, IPFIX, sFlow, JFlow) from existing routers and switches. Such data can be accessed and examined directly through the product's own Web-based interface, and additionally the vendor boasts direct integrations with better than 30 products--including Network Management Systems, Security Event Management systems, and Intrusion Prevention Systems--enabling those systems to benefit from the additional insight provided by Mazu Profiler (providing an NMS, for example, the ability to take a particular action based on a deviation in typical behavior; or an SEM the ability to take an action based on the detection of a new service in a particular subnet of the network) and/or enabling specific features of those 3rd party systems to be reachable from directly within Mazu Profiler. For those systems that are not directly integrated, a Flow API provides programmatic access to the product's behavior analysis data.

In addition to routers, switches, NMSs, and SEMs, other types of 3rd party platforms offering integrated capabilities with Mazu Profiler information include vulnerability scanners, CMDBs, probes, and identity management tools. The platform, according to the vendor, can scale for use on any size network.

Other features of the product include support for the analysis of interface and application heuristics (enabling alerting on events such as drops/surges in interface traffic, or the introduction of new or loss/slowness of existing applications); the ability to toggle between detail and summary views of user networks; support for "targeted views," or the ability to see network behavior by host, interface, application, or user; support for identity-based user policies (as opposed to IP address-based rules); and support for URL-based application definition.

Mazu Profiler is offered in one of three formats: Mazu Profiler Express and Mazu Profiler Standard are both 2U boxes, while the high-end system is IBM Blade Center-based. The device is deployed passively on the network. Additional components--the Mazu Regional Gateway and the Mazu Application Sensor--can also provide metrics to the Mazu analysis platform. The Gateway collects and forwards flow data from a set region of the network; while the Application Sensor is deployed off of a SPAN/TAP, where it converts traffic to flow data and sends it on to the Profiler.

New features in the latest release of Mazu Profiler include:

- The ability to identify and alert on network round trip times and server delay statistics

- WAN optimization reporting

- ACL-based mitigation features; enabling admins to block systems or threats via granular ACL creation

Mazu Profiler is available now; pricing starts at $35,000. Visit the Mazu Networks Web site for further information.