Search form

Upcoming Webinars

Achieve in-depth insights into your infrastructure and minimize downtime
May 09, 2024
What's New at Catchpoint! Spring 2024 Product Launch Event
May 22, 2024
Redefining bandwidth monitoring for hybrid IT
June 06, 2024

On-Demand Webinars

Master Class: Optimizing CX through 4 Pillars of Internet Resilience
Avoid Observability Failure: Hybrid Enterprises Must Complement APM with Internet Performance Monitoring
Observability Trends: Key Considerations for Modern Observability
Navigating Today's I&O Landscape: Leveraging Cloud, Hyper-Convergence and Observability
Master Class: Monitoring from Your Users' Perspective
2024 Tech Trends: 10 Predictions for Tomorrow's IT Evolution
The SRE Report 2024: What the Charts Don't Tell You
2024 Security Trends: How Generative AI Is Changing the Threat Landscape
Getting the Most Out of Elastic Observability & New Features
Tales from the trenches: Security leaders share insights on protecting higher education
The Impact of AIOps and GAI on Modern Observability
Countering Internet Complexity with AI-Powered Internet Performance Monitoring
Maximizing Customer Lifetime Value: Transforming Ecommerce with AI-Powered Search
AI Meets Search: Powering a New Generation of Insights
Behind the Scenes: Rocket Lawyer's Secret Sauce for Uninterrupted Digital Legal Services
3 Tips to Supercharge Your Application Tracing
What's New at Catchpoint! Fall 2023 Product Launch Event
Demo of Internet Sonar: From Disruption to Instant Detection
Harnessing the Power of Generative AI in Retail
Expert Insights: Navigating Outages Like a Pro
What's New in Application Monitoring: Maximizing Operational Efficiency with Enhanced Performance Insights
Preventing Outages: Implement an Internet Performance Monitoring Plan
Don't Get Lost in the Cloud
SOLD IN 6 SECONDS: Formulas to Fast & Friction-Free E-commerce
Supercharge Your IT Resources
Automate and Save Time
Maximize Shareholder Value with Internet Resilience
Building & Monitoring Lighting Fast, Cloud Native Payment Experiences
Getting the Most Out of Elastic Observability & New Features
Preventing Outages: Map Your Internet Stack

All Webinars...

Analyst Reports

Modern Enterprises Must Boost Observability with Internet Performance Monitoring
GigaOm CxO Decision Brief: Internet Resilience, May 2023
2023 Gartner Critical Capabilities for APM and Observability
Forrester Opportunity Snapshot: Increase Revenue with Internet Performance Monitoring

All Analyst Reports...

White Papers

Network traffic analysis for today's IT
The SRE Report 2024
The 2024 Observability Landscape — a survey of observability decision-makers
2024 State of IT Operations Report: Journey to Agility
How IT leaders can drive more with less
A comprehensive guide to enhance performance and reliability in your storage systems
An IT leader's enterprise guide to drive more with less
Website monitoring in Applications Manager
Synthetic monitoring 101: A comprehensive guide to synthetic monitoring
Beyond deployment: The ongoing challenges in application performance monitoring implementation
How Is IPAM Simplifying Modern Networking?
The Elastic Generative AI Report
Database Monitoring for Beginners: 6 Steps to Get You Started
6 Best Practices for Application Performance Monitoring
Visibility, Scalability, Security: Why IPAM Is the Cornerstone of Robust Data Centers
Real-Time Server Traffic Monitoring: Benefits, Best Practices and NetFlow Analyzer
Key Considerations When Choosing the Right Application Performance Monitoring Tool for Your Business
Apache Cassandra Monitoring: Challenges and Solutions
Streamlining Configuration Management: Unleashing the Power of OpManager's Module
OpenShift Monitoring: Five Crucial Elements to Look Out for
Apache Tomcat Monitoring Made Easy with Applications Manager
End-User Experience Monitoring: Its Meaning, Importance, and Best Practices
5 Steps to Improve Website Performance
Learn the Importance of Network Backup Tool
IT Budgeting Amid a Challenging Macroeconomic Climate
Network Configuration Manager as an Add-On to OpManager
State of ITOM in 2023
The 2023 State of IT Operations Report
Going Beyond Plain Virtualization Monitoring
Preventing Outages in 2023: What We Learned from Recent Failures

All White Papers...

5 Ways to Use APM for Post-Event Security Forensics
December 12, 2014

Brad Reinboldt
Network Instruments

Share this

Most security experts agree that the rapidly changing nature of malware, hack attacks and government espionage practically guarantees your IT infrastructure will be compromised. According to the 2014 Cost of Data Breach Study conducted by the Ponemon Institute, the average detection, escalation and notification costs for a breach is approximately $1 million. Post-incident costs averaged $1.6 million.

Once an attacker is within the network, it can be very difficult to identify and eliminate the threat without deep-packet inspection. The right Application Performance Management (APM) solution that includes network forensics can help IT operations deliver superior performance for users, and when incorporated into your IT security initiatives, deep packet inspection can provide an extra level of support to existing antivirus software, Intrusion Detection System (IDS) and Data Loss Prevention (DLP) solutions. The ability to capture and store all activity that traverses your IT infrastructure acts like a 24/7 security camera that enables your APM tool to serve as a backstop to your business’ IT security efforts if other lines of defense fail.

To use APM solutions for security forensics for post-event analysis, you must have a network retrospective analyzer that has at least the following capabilities:

■ High-speed (10 Gb and 40 Gb) data center traffic capture

■ Expert analytics of network activity with deep packet inspection

■ Filtering using Snort or custom user defined rules

■ Event replay and session reconstruction

■ Capacity to store massive amounts of traffic data (we’re potentially talking petabytes) for post-event analysis

Like utilizing video footage from a surveillance camera, captured packets and analysis of network conversations can be retained and looked at retrospectively to detect, clean up and provide detailed information of a breach. This back-in-time analysis can be especially important if the threat comes from within, such as a disgruntled employee within a company firewall. It also allows companies to determine exactly what data was compromised and help in future prevention.

Below are five ways to use network monitoring and analysis to investigate breaches:

1. Identify changes in overall network traffic behavior, such as applications slowing down that could be a sign of an active security breach.

2. Detect unusual individual user’s account activity; off-hour usage, large data transfers, or attempts to access unauthorized systems or services — actions often associated with disgruntled employees or a hacked account.

3. Watch for high-volume network traffic at unusual times, it could be a rogue user in the process of taking sensitive data or stealing company IP.

4. View packet capture of network conversations to determine how the breach occurred and develop strategies to eliminate future threats by strengthening the primary IT security.

5. Discover what infrastructure, services, and data were exposed to aid in resolution, notification, and regulatory compliance.

By incorporating retrospective network analysis, companies can use their network monitoring as a back stop to IDS and DLP solutions, and accelerate detection and resolution.

Brad Reinboldt is Senior Product Manager for Network Instruments, a division of JDSU.
Share this

Related Links

www.networkinstruments.com

Hot Topics

APM
Cybersecurity

The Latest

Public Sector Renews Focus on Employee and Citizen Digital Experiences
May 13, 2024

Government agencies are transforming to improve the digital experience for employees and citizens, allowing them to achieve key goals, including unleashing staff productivity, recruiting and retaining talent in the public sector, and delivering on the mission, according to the Global Digital Employee Experience (DEX) Survey from Riverbed ...

As CIOs Address App Sprawl, Observability Can't Be an Afterthought
May 09, 2024

App sprawl has been a concern for technologists for some time, but it has never presented such a challenge as now. As organizations move to implement generative AI into their applications, it's only going to become more complex ... Observability is a necessary component for understanding the vast amounts of complex data within AI-infused applications, and it must be the centerpiece of an app- and data-centric strategy to truly manage app sprawl ...

In a Productivity Paradox, How Can Companies Prove the Value of Their Software Investments?
May 08, 2024

Fundamentally, investments in digital transformation — often an amorphous budget category for enterprises — have not yielded their anticipated productivity and value ... In the wake of the tsunami of money thrown at digital transformation, most businesses don't actually know what technology they've acquired, or the extent of it, and how it's being used, which is directly tied to how people do their jobs. Now, AI transformation represents the biggest change management challenge organizations will face in the next one to two years ...

6 Ways Generative AI Will Impact Data Management
May 07, 2024

As businesses focus more and more on uncovering new ways to unlock the value of their data, generative AI (GenAI) is presenting some new opportunities to do so, particularly when it comes to data management and how organizations collect, process, analyze, and derive insights from their assets. In the near future, I expect to see six key ways in which GenAI will reshape our current data management landscape ...

AI Creates "Disrupt or Die" Era
May 06, 2024

The rise of AI is ushering in a new disrupt-or-die era. "Data-ready enterprises that connect and unify broad structured and unstructured data sets into an intelligent data infrastructure are best positioned to win in the age of AI ...

Gartner: Organizations Are Evolving D&A Operating Model Because of AI
May 02, 2024

A majority (61%) of organizations are forced to evolve or rethink their data and analytics (D&A) operating model because of the impact of disruptive artificial intelligence (AI) technologies, according to a new Gartner survey ...

Gartner: Top Trends in Data and Analytics for 2024
May 01, 2024

The power of AI, and the increasing importance of GenAI are changing the way people work, teams collaborate, and processes operate ... Gartner identified the top data and analytics (D&A) trends for 2024 that are driving the emergence of a wide range of challenges, including organizational and human issues ...

The Disconnect Between IT and the Business
April 30, 2024

IT and the business are disconnected. Ask the business what IT does and you might hear "they implement infrastructure, write software, and migrate things to cloud," and for some that might be the extent of their knowledge of IT. Similarly, IT might know that the business "markets and sells and develops product," but they may not know what those functions entail beyond the unit they serve the most ...

The High Cost of Low Cloud Cost Visibility
April 29, 2024

Cloud spending continues to soar. Globally, cloud users spent a mind-boggling $563.6 billion last year on public cloud services, and there's no sign of a slowdown ... CloudZero's State of Cloud Cost Report 2024 found that organizations are still struggling to gain control over their cloud costs and that a lack of visibility is having a significant impact. Among the key findings of the report ...

AI, Security, and Sustainability Are Major Drivers for IT Modernization
April 25, 2024

The use of hybrid multicloud models is forecasted to double over the next one to three years as IT decision makers are facing new pressures to modernize IT infrastructures because of drivers like AI, security, and sustainability, according to the Enterprise Cloud Index (ECI) report from Nutanix ...