Network Security

VIAVI Network Security Tools provide complete threat hunting and incident response solutions.

Stop hackers with the VIAVI real-time threat hunting and security breach remediation solutions. Designed for enterprise networks, our solutions analyze traffic behavior over time and store conversations to provide a unique incident response process plan.

 

Learn more about Network Security Solutions from VIAVI, and get additional Network Security and Threat Hunting resources.

Products

Observer Apex offers a user-experience scoring feature that integrates seamlessly with GigaFlow's enriched flow reports and GigaStor's transactional information to help IT teams deliver optimal service and security solutions.
The best packet capture and analysis appliance on the market ensures that every network conversation is available for troubleshooting, intrusion detection, and in-depth forensic investigations.
Observer GigaFlow transforms flow analysis by combining different sources of traffic and infrastructure data, enabling deeper performance management and providing detailed network security data.
A flexible, quick-to-deploy SaaS solution, ObserverLIVE lets teams overcome the obstacles that can come with hybrid IT environments while fully realizing their business value.
Observer Analyzer
Performance optimization. Reduced service downtime. Observer Analyzer understands complex virtual (VM) environments and manages Unified Communications deployments, network and application performance, and much more.
The easy-to-navigate user interface of the Observer management server makes it simple to perform authentication, verify user access and passwords, administer upgrades, and streamline management from a single central location.

F.A.Q. about Network Cybersecurity Tools:

  • What is network security monitoring?

    It is the practice of viewing, collecting, and analyzing network traffic to identify and act upon anomalies. These anomalies could potentially be Indicators of Compromise (IOCs) within your network (i.e. a breach), so it is imperative for an organization’s security tools to contain network security monitoring capabilities that can deliver close to real-time detection of potential threats.

    VIAVI Observer gives NetOps and SecOps users visibility into their network by performing both wire data and flow-based analyses on the traffic, making it a valuable addition to any organization’s network security monitoring tools.

  • What are network intrusion security monitoring tools?

    Typically, they include a real-time threat detection system that aggregates information from multiple sources, a system to automatically alert users in case of threats, and/or behavioral analysis techniques to identify anomalies in traffic patterns and user groups that are indicative of rogue activity.

    Observer offers each of these with the power of enriched flow and high-fidelity network security forensics.

  • Why is network intrusion security monitoring important?

    In the modern world, security threats are everywhere. The repercussions for a breach are higher than ever before. In fact, the average breach costs more than $8M and the reputational damage for an organization can go far beyond. The need to invest in your cyber arsenal has never been greater.

    That’s where Observer’s network security monitoring software comes in. Using advanced traffic profiling and IP blacklisting, Observer strengthens your defense by immediately identifying rogue activity and unauthorized devices. This helps with the proactive aspect of seeking out threats, but what about the reactive side?

    Observer’s wire-data capture, backed by full fidelity forensics, gives security and network teams near complete visibility into the network, and this wire data is critical. In fact, according to a recent EMA study, enterprises that used wire data as a part of their normal cybersecurity toolset had shorter breach detection and response times and more confidence in workflows and processes. This means higher satisfaction from operations teams, and more time available to focus on driving optimal service delivery.

  • Why is having more visibility using network security monitoring software important?

    It is more important than ever for an organization to listen to their network. 

    According to a study conducted by the Enterprise Strategy Group, 91% of IT professionals surveyed agree that visibility into endpoints, servers, and other parts of the network enhances security monitoring practices. This illustrates the need to compile data from many types of network infrastructure sources. Only in doing so can an organization hope to adequately depict a true “beginning-to-end” view of a breach as the potential attacker traverses the network, and this view is critical to security investigations.

    Indeed, attacks can come from the most innocuous of devices if they go untracked and are unauthorized. By listening to your infrastructure devices, Observer goes beyond traditional network security tools to help you understand what’s connected in your network and who is communicating across it. With Observer, it is easy to detect rogue activity across all your devices.

  • What security network traffic tools can the Observer platform offer you?

    As network speeds and volumes continue to scale, it’s critical that any packet broker can scale to accommodate this growth without losing any packets. With Observer, your network and security teams have access to one of the only third-party validated wire data capture tools in the market, with industry leading stream-to-disk speeds. This means giving your security and network teams access to the complete picture when performing remediations.

    But Observer goes beyond simply being a packet broker. In fact, Observer even offers automated threat assessment with three critical capabilities:

    • IP Blacklisting: Observer will automatically call home to obtain the latest blacklisted IPs, then check them against all enriched-flow records over time.
    • SYN Forensics: Observer can also alert on SYN-only flow records, often associated with rogue activity.
    • Traffic Profiling: A core feature of Observer is to use the enriched-flow records to build a traffic profile of devices on the network. Profiles are maintained in real time, with all future network-generated device traffic evaluated against past behavior for unusual or anomalous activity.
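
The first two checks in the list above, sketched over stored flow records. This is an added example, not VIAVI code or Observer's implementation: the record layout, the threshold, and all addresses are constructed, and the only assumption about the data is that each flow carries the cumulative OR of its TCP flags, as NetFlow and IPFIX exporters report them.

```python
import ipaddress
from collections import defaultdict

SYN = 0x02  # a flow whose cumulative TCP flags equal SYN alone never completed a handshake

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port, ip_protocol, tcp_flags)
FLOWS = [
    ("2024-05-01T10:00:01", "10.0.5.23", "10.0.1.10", 22, 6, 0x02),
    ("2024-05-01T10:00:01", "10.0.5.23", "10.0.1.10", 23, 6, 0x02),
    ("2024-05-01T10:00:02", "10.0.5.23", "10.0.1.10", 80, 6, 0x02),
    ("2024-05-01T10:00:02", "10.0.5.23", "10.0.1.11", 445, 6, 0x02),
    ("2024-05-01T10:00:05", "10.0.2.7", "10.0.1.10", 443, 6, 0x1B),  # FIN+SYN+PSH+ACK: full session
    ("2024-05-01T10:00:09", "10.0.2.7", "10.0.1.12", 443, 6, 0x02),  # single unanswered SYN
    ("2024-04-20T03:14:00", "10.0.3.40", "203.0.113.77", 443, 6, 0x1B),  # older than the list update
    ("2024-05-01T10:01:00", "10.0.2.7", "198.51.100.4", 53, 17, 0),  # UDP, no TCP flags
]
BLOCKLIST = ["203.0.113.0/24"]  # constructed entry standing in for a downloaded list

def syn_only_sources(flows, min_targets=3):
    """Map each source to its SYN-only targets if it hit at least min_targets distinct (dst, port) pairs."""
    targets = defaultdict(set)
    for _ts, src, dst, port, proto, flags in flows:
        if proto == 6 and flags == SYN:
            targets[src].add((dst, port))
    return {src: sorted(t) for src, t in targets.items() if len(t) >= min_targets}

def blocklist_hits(flows, blocklist):
    """Re-check every stored flow, including old ones, against the current list."""
    nets = [ipaddress.ip_network(n) for n in blocklist]
    hits = []
    for ts, src, dst, port, _proto, _flags in flows:
        for ip in (src, dst):
            if any(ipaddress.ip_address(ip) in net for net in nets):
                hits.append((ts, src, dst, port, ip))
    return hits

if __name__ == "__main__":
    print("SYN-only sources:", syn_only_sources(FLOWS))
    print("Blocklist hits:", blocklist_hits(FLOWS, BLOCKLIST))
```

The threshold keeps a single dropped connection attempt from alerting, while the blocklist pass shows why the records are kept over time: a flow from weeks earlier matches a list entry that arrived later.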

  • How would Observer’s real-time threat map fit into your network security toolkit?

    With the VIAVI network security software, you can aggregate threat sources and destinations from profiled and blacklisted IPs into a real-time threat map, making it a valuable addition to your organization’s set of tools.

    This integrated threat map helps you drill down into specific network monitoring use cases such as:

    • What was the host or device communicating with earlier? 
    • Where is the rogue host/device now? 
    • Who was using the host/device? 
    • What device/interface information can we glean about the event?

  • Why is it important to be able to archive conversations?

    In the event of a breach, it is imperative to have a record of data to aid in post-event investigations. That is where Observer’s full fidelity forensics comes in. With Observer’s full fidelity packet capture, coupled with complete enriched-flow records, we dynamically capture all relevant data including timestamp and location continuously over extended periods with over a petabyte of storage. 

    Because of this, IT teams can navigate to a specific event or anomaly in the past to troubleshoot and solve the problem by answering who it impacted and when, where, and how the incident occurred.

    Having the ability to do this with network security monitoring tools is especially important with emerging privacy legislation like Europe’s General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act. With GDPR, for instance, in the event of discovery of a breach, organizations that conduct business in Europe have just 72 hours to gather all breach-related information and provide it to the relevant regulator. This can be difficult if the breach happened further back than anticipated. However, with Observer’s archiving ability and wire-data capture, your organization can be assured of having wire data, enriched-flow records, and conversation metadata to report to any regulatory authorities.

  • What is the technology that powers Observer’s network cybersecurity software?

    Observer re-imagines traditional flow to support organizations’ security monitoring use cases. By intelligently stitching together multiple sources of data into an enriched-flow record, Observer delivers accessible, expandable visualizations that let users hover and sweep into User to IP to MAC relationships, usage patterns and more.

    Historically, NetFlow has been a powerful dataset to allow a security tool to collect information about the network, with things like source and destination IPs of a given packet, timestamps and more. Observer’s Enriched-Flow Records go far beyond regular NetFlow data, providing you with structured insights formed from stitching together data from multiple traffic and infrastructure sources – NetFlow, SNMP, user identity, and session syslog. 

    This way, a security analyst can search for a MAC Address of a device and from there find all related user IDs to that MAC Address all in one place, showcasing the power of network visibility that Observer’s flow-based analysis provides.

    There is another aspect of network visibility that is critical to remediation, one that is the perfect complement to enriched flow, and that is wire data. Observer’s wire-data capture, powered by full-fidelity forensics, provides critical packet-based insights to give NetOps and SecOps the information they need after a breach has been detected. Denial of service attacks, where a threat actor intentionally disrupts the service of a host connected to the network, can take weeks of remediation before the host is up and running properly again. With Observer’s wire-data analysis, network and security teams can quickly pinpoint where and how the data has been compromised, isolate the domain of the service failure (be it application, network, client, or server), and even use an end-user experience score calculated from over 30 KPIs per socket to ensure that restoration of functionality is as quick and streamlined as possible.

  • What are real world examples of how network security monitoring can help an organization?

    One example can be illustrated in a 2019 report of a breach which compromised data related to the Mars mission in NASA’s Jet Propulsion Laboratory (JPL).

    In June 2019, a malicious actor targeted an unauthorized Raspberry Pi device to access the JPL network in Pasadena, CA. This hacker went undetected for 10 months, and in the process exfiltrated approximately 500 MB of data from 23 files, 2 of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission.

    How did this happen? Especially since the Information Technology Security Database at JPL tracks physical assets and applications on the network? Well, this Raspberry Pi didn’t have the required review and approval but was still connected. 

    This begs the question: how could this have been prevented? The answer can be found in flow data. Flow-based analysis could have been used to capture information for any device connected to the network, not just a particular set of devices. But not just any flow data. Traditionally, flow is used to aggregate protocol and conversation “frequency” or “counts”, but with enriched-flow records, VIAVI can help you answer what’s connected and who’s communicating in your whole network. The enriched flow of the future can stitch together information about MAC addresses, and even user IDs, to a given IP address.

    We can break down the types of sources that feed into enriched flow into four major categories:

    • Flow Sources: Routers, Switches, Load Balancers, Packet Brokers, Wireless APs, Firewalls, VPNs, Proxy Servers, WinFlow
    • Device Sources: SNMP/ARP/CAM, SNMP/WMI, LDAP, IPAM/Asset/MDM, SD-WAN Controllers
    • Cloud Sources: AWS, Azure, Google Cloud
    • User Sources: Domain Servers, Authentication Servers

    With enriched flow, we would have visibility into that tiny Raspberry Pi and every conversation that device is having on the network. Specifically, Observer’s enriched flow records can give you insights into the following:

    • Network Device Type Information
    • Interface Information
    • Quality of Service Marking
    • IP to MAC to User relationships
    • Traffic Control Groups
    • Usage Patterns
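
The IP to MAC to User stitching described above, and the pivot from a MAC address to its user IDs mentioned earlier, can be sketched as a join across three sources plus an asset inventory. This is an added example, not Observer's implementation: all records, field names, and addresses are constructed, and the ARP mapping is assumed to be static for the period covered.

```python
from collections import defaultdict

# All data below is constructed for illustration.
FLOWS = [  # flow source: (epoch seconds, src_ip, dst_ip, bytes)
    (1000, "10.1.1.20", "10.1.9.5", 4_000),
    (1060, "10.1.1.20", "192.0.2.50", 12_000),
    (1100, "10.1.1.77", "10.1.9.5", 250_000),
    (1200, "10.1.1.77", "198.51.100.9", 5_000_000),
    (1300, "10.1.1.20", "10.1.9.5", 3_000),
]
ARP = {"10.1.1.20": "00:11:22:33:44:55", "10.1.1.77": "b8:27:eb:12:34:56"}  # device source
LOGINS = [(900, "10.1.1.20", "alice"), (1250, "10.1.1.20", "bob")]  # user source: (time, ip, user)
APPROVED_MACS = {"00:11:22:33:44:55"}  # asset inventory of reviewed devices

def enrich(flows, arp, logins, approved):
    """Attach the MAC, the latest login at or before the flow time, and inventory status to each flow."""
    records = []
    for ts, src, dst, nbytes in flows:
        mac = arp.get(src)
        prior = [(t, user) for t, ip, user in logins if ip == src and t <= ts]
        records.append({"ts": ts, "src": src, "dst": dst, "bytes": nbytes, "mac": mac,
                        "user": max(prior)[1] if prior else None,
                        "approved": mac in approved})
    return records

def unapproved_devices(records):
    """Total bytes and peers for every MAC that is missing from the inventory."""
    summary = defaultdict(lambda: {"bytes": 0, "peers": set()})
    for r in records:
        if not r["approved"]:
            summary[r["mac"]]["bytes"] += r["bytes"]
            summary[r["mac"]]["peers"].add(r["dst"])
    return dict(summary)

def users_for_mac(records, mac):
    """Pivot from a MAC address to every user ID seen behind it."""
    return sorted({r["user"] for r in records if r["mac"] == mac and r["user"]})

if __name__ == "__main__":
    enriched = enrich(FLOWS, ARP, LOGINS, APPROVED_MACS)
    print(unapproved_devices(enriched))
    print(users_for_mac(enriched, "00:11:22:33:44:55"))
```

A device that never authenticates and never passed review still appears here, because the flow and ARP sources see it regardless of whether the inventory does.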

  • How can VIAVI Solutions Professional Services experts help you configure Observer as a part of your network security toolkit?

    The VIAVI Professional Services ensure that you get the most out of your VIAVI network security tools. Our Professional Service Engineers serve as Subject Matter Experts in software deployment, configuration, and training.

    Professional Services consists of four phases:

    • Discovery: We work with you to record requirements and expectations.
    • Planning: We discuss different Observer deployment prerequisites based on your network security monitoring and performance needs and draft an SOW.
    • Execution: We come on-site to assist with deployment and configuration.
    • Training: We provide custom-tailored training requirements for different network security monitoring and performance use cases as needed.

  • The Value of an On-Site Professional Service Engineer

    We provide our customers with a Project Manager and Professional Service Engineer for each on-site visit to engage with our customer and deliver distinct client value. Together, our Professional Services teams:

    • Deliver Observer network security monitoring and performance training for administrators and users
    • Identify and work through new network security monitoring and performance use cases to help you get the most out of Observer
    • Discuss the most important aspects of Observer and get you up-to-speed on using the product
    • Collaborate with engineers across your departments for custom network security software application development
    • Deliver daily updates and documents on all configuration and network security monitoring use cases discussed during training
    • Provide knowledge transfer on opening a support case and accessing Observer online training.

 

Continue your education on information security & network security tools!

Explore more

What is Network Security?

White paper

How to Use Wire Data for Security Forensics

Webinar

Security for Network Teams Webinar Series
