Performance management strengthens IT security
An Integrated Solution
With the Cisco IPS, FirePOWER, teams can now take advantage of the long-term packet capture capabilities of Observer GigaStor without leaving the application. Using the integrated workflow, engineers can quickly navigate from a snapshot view of the FirePOWER-triggered event to a replay of the entire attack in the full context of all network and application activity. These workflows are valuable for investigating attack origins, identifying compromised data, understanding hacker behavior, and fine-tuning IPS signatures.
How It Works
The integration uses a REST API to create a workflow from the FirePOWER Management Center intrusion prevention system (IPS) to the long-term packet capture appliance, GigaStor. When FirePOWER detects a threat, security professionals investigating the potential attack can review the network and application traffic specific to their investigation. This includes all the packets on the wire before, during, and after the event occurred.
The integration provides teams with a comprehensive, intuitive approach to:
- Improve awareness at the time of an IPS alert with a full record of network activity
- Rule out false positives to save time and zero in on critical issues
- Easily access hard-to-find packet data from a single console
About Security Forensics
The integration facilitates security investigations, with a focus on reducing the time it takes to recognize threats. From the first IPS alert or suspicious event, packet data is extracted and analyzed to determine its source. Identifying anomalous traffic and tracking this activity allows both network and security teams to better understand the event and take the necessary steps to remediate it. This also enables the enterprise to reduce the costs associated with large-scale data breaches and to diversify IT spending between network and security teams.