Recent high-profile attacks have underscored the need for more robust security strategies, and specifically for an effective enterprise-level forensics backstop. The average successful breach takes months to detect, and if you have not been capturing traffic you will not always be able to establish the entry method, or the full extent of the damage.
No Packet Left Behind
Defending many access points while keeping things convenient for legitimate users requires layered protection. Alongside firewalls, IDS, and DLP, an effective security program needs forensics capabilities, especially against APTs and other malware that have already slipped past the perimeter.
Network teams that already have this capability in their network performance monitoring and diagnostics (NPMD) tools can partner with security teams to close the loop by supplying packet-level forensic data.
With the Observer Platform from Viavi Solutions, enterprise teams can:
- Capture full packet-level data so the actual traffic can be recreated and nothing is missed when investigating a breach or network event
- Choose the configuration that fits the organization from a range of form factors, with capture capacity from a few terabytes to over a petabyte
- Choose from rack-mount, portable, and software options to capture and analyze traffic at the edge or in remote locations
- Set baselines and alerts to identify anomalous traffic in real time or back in time, through easy-to-use interfaces built on sophisticated analysis algorithms
- Quickly establish the key details of an attack: how it was carried out, which exploits were used, and which systems or intellectual property were compromised
- Use web-based trace extraction to integrate with complementary third-party real-time security tools. GigaStor is now certified to work with the Cisco FirePOWER IDS and can interoperate with other products that expose a REST API.
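The workflow the list above describes, in order: baseline per-host traffic volume from a full capture, flag what deviates, then pull only the packets from the time window around an alert so an investigator (or an integrated IDS) gets a focused trace. The Python below is an added example written for this page, not Observer or GigaStor code; it reads and writes libpcap files with the standard library only, and the capture it works on is constructed inline. The host addresses, packet sizes, the 5x-median anomaly rule and the alert window are all illustrative assumptions.

```python
import socket
import struct
from statistics import median

# Constructed sample for this example only (not a real capture): three internal
# hosts send a few small packets to an external address while 10.0.0.4 pushes
# far more data to the same destination. Addresses and sizes are assumptions.
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def _ipv4_frame(src, dst, payload_len):
    """Minimal Ethernet + IPv4 frame (proto 6, zero checksum, zero payload)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr + b"\x00" * payload_len


def build_pcap(records):
    """Serialize (timestamp, src, dst, payload_len) tuples as a libpcap file."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, src, dst, payload_len in records:
        frame = _ipv4_frame(src, dst, payload_len)
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_records(pcap):
    """Yield (timestamp, src, dst, raw_record) per packet; src/dst are None if not IPv4."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic or byte order")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        rec = pcap[off:off + 16 + incl_len]
        off += 16 + incl_len
        frame = rec[16:]
        src = dst = None
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            src = socket.inet_ntoa(frame[26:30])
            dst = socket.inet_ntoa(frame[30:34])
        yield sec + usec / 1_000_000, src, dst, rec


def bytes_per_source(pcap):
    """Baseline: total bytes on the wire per source IP over the whole capture."""
    totals = {}
    for _ts, src, _dst, rec in iter_records(pcap):
        if src is not None:
            totals[src] = totals.get(src, 0) + len(rec) - 16
    return totals


def anomalous_sources(totals, factor=5.0):
    """Flag hosts that sent more than `factor` times the median host volume.

    The 5x-median rule is an illustrative threshold, not a vendor algorithm.
    """
    if len(totals) < 2:
        return []
    baseline = median(totals.values())
    return sorted(host for host, sent in totals.items() if sent > factor * baseline)


def extract_window(pcap, t_start, t_end):
    """Back-in-time trace extraction: a new pcap holding only t_start <= ts <= t_end."""
    kept = [rec for ts, _s, _d, rec in iter_records(pcap) if t_start <= ts <= t_end]
    return pcap[:24] + b"".join(kept), len(kept)


SAMPLE = build_pcap(
    [(1000.0 + i * 0.5, "10.0.0.%d" % (1 + i % 3), "203.0.113.9", 200) for i in range(12)]
    + [(1000.0 + i * 0.25, "10.0.0.4", "203.0.113.9", 1400) for i in range(20)]
)

if __name__ == "__main__":
    totals = bytes_per_source(SAMPLE)
    print("bytes per source:", totals)
    print("anomalous:", anomalous_sources(totals))
    # An IDS alert at t=1001.5 (assumed): pull one second either side for the analyst.
    trace, n = extract_window(SAMPLE, 1000.5, 1002.5)
    print("extracted %d packets, %d bytes of pcap" % (n, len(trace)))
```

The output of `extract_window` is itself a valid pcap, which is the point of trace extraction: the analyst, or a tool reached over a REST API, receives just the packets for the alert window rather than the whole multi-terabyte store. On a real appliance the baseline would be computed per time bucket and per protocol rather than over the whole capture, and the threshold tuned to the environment; the median-based rule here only shows the shape of the check.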
Successful network forensics and breach investigation depend on post-event access to every packet that traversed the network.
The Observer Platform helps ensure that every packet is captured and available for post-event investigation. Breaches and compromised resources can be identified quickly by replaying traffic and applying extensive analytics to the packets. Having these capabilities can mean the difference between missing the breach entirely and positively identifying the attacker.