Network Forensics—Beyond Evidence to a New Platform that Empowers all Security Tools

Network Forensics (NF) has matured in recent years to play a critical role in defending against the increasing number of advanced threats. Previously, NF focused on basic network packet capture to gather evidence to prove a security event—useful to lawyers prosecuting or pursuing recompense for corporate or individual damages. Today’s NF is something altogether different, quickly becoming an invaluable asset that any organization can use. It goes beyond raw packet capture to now deliver critical insight to any and every type of network security incident and enable Next Generation Threat Prevention.

Much like a 24/7 surveillance camera, NF records and stores every packet of network traffic, providing a record of any network activity. NF has been a critical tool for skilled analysts at government agencies to capture historical views of their networks in order to determine the scope of damages from cyber threats and network breaches. With a complete record of network traffic, they can see exactly what happened before, during, and after a security incident or attack.

Today’s high-profile network breaches and cyber threats make it clear that many attacks are unpreventable and that the frequency of attacks is growing at a phenomenal rate.

NF may have had limited use in the past, but advancements in capture speed, indexing, classification and reconstruction have made it an easy-to-use solution for anyone charged with securing the network and information assets. The new NF exposes what’s happening on the network in clear visuals we all can recognize and understand, helping security professionals significantly reduce incident response time. Response teams now have real-time views of security incidents and full reconstruction of network artifacts. Raw packet data is instantly transformed into real evidence like a Word document that was delivered as an email attachment complete with a payload of identified malware; or an IM conversation revealed as an exchange that has enabled the propagation of a botnet within the organization. These are invaluable views into the network that security professionals can’t afford to be without. The new NF now means real-time and immediate threat awareness, accelerated time to remediation, prevention of future threats, and keeping persistent threats off the network. As email, IM and social media continue to be the most frequently used vectors for network threats and malware, NF helps to maintain an edge against outside attacks.
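As an added illustration of that reconstruction step (example code written for this page, not Solera's product or the author's): the DATA phase of one captured SMTP session, embedded here as constructed sample traffic, is parsed back into the attachment it carried, hashed so other tools can correlate on it, and its declared type is checked against the file's actual magic bytes.

```python
import email
import hashlib
from email import policy

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy Office (.doc) container

# Constructed sample: the DATA phase of one SMTP session, as a capture tool
# would reassemble it from TCP segments. The attachment is only the OLE2
# magic followed by zero padding, a stand-in for a real Word document.
CAPTURED_SMTP_DATA = (
    b"From: sender@example.test\r\n"
    b"To: recipient@example.test\r\n"
    b"Subject: Q3 numbers\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"See attached.\r\n"
    b"--b1\r\n"
    b'Content-Type: application/msword; name="numbers.doc"\r\n'
    b'Content-Disposition: attachment; filename="numbers.doc"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"0M8R4KGxGuEA" + b"A" * 20 + b"\r\n"  # base64 of OLE2_MAGIC + 16 zero bytes
    b"--b1--\r\n"
)

def reconstruct_attachments(smtp_data: bytes) -> list[dict]:
    """Rebuild every attachment carried in captured SMTP DATA and describe it
    in a form other tools (SIEM, sandbox, DLP) can correlate on."""
    msg = email.message_from_bytes(smtp_data, policy=policy.default)
    artifacts = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        payload = part.get_payload(decode=True)  # undo base64 / quoted-printable
        artifacts.append({
            "sender": str(msg["From"]),
            "recipient": str(msg["To"]),
            "filename": part.get_filename(),
            "declared_type": part.get_content_type(),
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
            # classification: does the content match what the headers claim?
            "magic_matches": payload.startswith(OLE2_MAGIC),
        })
    return artifacts
```

A mismatch between `declared_type` and `magic_matches` is the kind of finding worth forwarding to the IDS or sandbox rather than trusting the MIME headers.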

NF also provides immediate visibility into insider threats. With complete real-time and historical capture of everything that happens on the network, the evidence is revealed in detail as the exact documents, applications and data involved when someone consciously or inadvertently compromises network security. This level of situational awareness is important not only to network managers and email and messaging administrators, but also to Human Resources and individual department managers. Evidence is now delivered quickly and in an easily understood form that enables immediate and complete remediation.

Most organizations have invested heavily in security using DLP, IPS/IDS, SIM/SIEM, and other tools. Today’s NF has become a technology that can serve any security tool, making them more intelligent and thus more effective. By providing real-time and historical visibility into any security incident, NF today is a platform for next generation threat prevention.


About Peter Schlampp, Vice President, Marketing and Product Management, Solera Networks

Schlampp brings a keen understanding of the network security and infrastructure industries with more than a decade of product development and marketing expertise in the enterprise, government and education markets.