Network Forensics

Reduce blind spots to threat actors

Continuous network monitoring and threat hunting, together with real-time detection and investigation, are crucial in combating emerging cyber threats.

Network packet data is often considered the cyber source of truth. Packets on the wire are the least susceptible to tampering, which makes them the best basis for investigating issues or detecting threats and malware from the original content.

PacketWorker NF supports investigation activities by making available the full extent, origin and scope of an attack, and by enabling the creation of in-house threat intelligence. Enhance cyber resilience with Network Forensics against the inevitable attack. Leveraging full data capture, SecOps teams make quality decisions to exterminate threat actors.


Data enrichment

Extensive data enrichment provides comprehensive context that helps speed up incident analysis. Session and contextual metadata are available for granular enrichment.

Powerful content analysis

Built-in content management tools ease analysis and eliminate dependence on third-party software, delivering improved value during investigations and threat analysis.

Retrospective analysis

Go back in time to determine root cause and assess impact on business assets. Time-step through network activity as a controlled sequence of events for easy analysis.


Improve Security Effectiveness

Playback capabilities let defenders improve their security posture by testing updates and upgrades to network security tools against previously captured packet data.

Integrate and Conquer

Integrate with your security monitoring infrastructure to allow a real-time view of the relevant details and insights into user activity for better triage.

Use Cases

Cybercriminals will start with anything they can get their hands on, then move on to your valuables. The network is the most reliable data source for detecting intruders moving east-west through your environment.

Encrypted Traffic Analytics

Encryption isn't just limited to SSL/TLS. Often the actual data isn't accessible because of application-level encryption or obfuscation. It is therefore important to be able to use network metadata to identify the strengths and weaknesses of the encryption technology running in the network. Metadata also helps identify the actors using encrypted communication and the profile of that communication, detect application leaks, and fingerprint devices, operating systems and client/server software using special code logic in the product. This gives greater insight into the underlying nature of encrypted communication and assists analysts in detecting security risks.

Threat Analytics

With its Natural Language Processing ability, which mines all communication chatter to identify and provide insight into people, organizations, events and places, PacketWorker natively provides a platform that avoids content inspection. Instead, it lets analysts examine the metadata with analytics or visualization tools to detect malicious insiders, or perform DNS Threat Analytics to identify suspicious domains or activity where DNS traffic is being used for data hoarding or exfiltration.

Communication Preservation Forensics

Network and security administrators need to recognize the actual data transferred in the network and determine its content for further investigation, including extraction of documents, images, binary data and so on. They also need to discover similar documents using simple search, which is a must for retrospective analysis of any detected anomaly.

Incident Response

Speed of response is critical when responding to an incident. Depending on its nature, the "incident" may not yet be the incident it is assumed to be. Nevertheless, it is important to quickly ascertain and confirm the facts. PacketWorker for Network Forensics proves to be an effective tool here by enabling careful monitoring of the effectiveness of response measures.

DNS/Passive DNS

Data from Domain Name System (DNS) queries and responses can provide a wealth of information about unusual or suspicious network activity. Network Forensics gathers layer 7 enriched metadata for various application protocols, including DNS. This provides an organisation with actual DNS monitoring and a passive DNS data collection system without needing additional technology or hardware investment.
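As an added example (not Vehere's code or part of PacketWorker), the DNS Threat Analytics and passive DNS ideas above worked through in Python over constructed DNS metadata: build a passive DNS first-seen/last-seen table, then flag base domains whose subdomain labels look machine-generated, the pattern that DNS tunnelling and exfiltration leave in query metadata. The log format, the thresholds and the two-label base-domain rule are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample of layer-7 DNS metadata, one query/response per line:
# "<epoch> <client-ip> <qname> <qtype> <rdata>"  (not real captured traffic)
SAMPLE_DNS_LOG = """\
1700000000 10.0.0.5 www.example.com A 192.0.2.10
1700000010 10.0.0.7 www.example.com A 192.0.2.10
1700000020 10.0.0.5 mail.example.com A 192.0.2.11
1700000030 10.0.0.9 4a7f9c2e1b.t.evil-tunnel.test TXT chunk0
1700000031 10.0.0.9 9d0e3b77ac.t.evil-tunnel.test TXT chunk1
1700000032 10.0.0.9 c31ffe8a90.t.evil-tunnel.test TXT chunk2
1700000033 10.0.0.9 0b6d2a5e7f.t.evil-tunnel.test TXT chunk3
1700000040 10.0.0.5 www.example.com A 192.0.2.10
"""

def parse_dns_log(text):
    """Parse the assumed log format into (ts, client, qname, qtype, rdata) tuples."""
    records = []
    for line in text.splitlines():
        ts, client, qname, qtype, rdata = line.split(maxsplit=4)
        records.append((int(ts), client, qname.lower().rstrip("."), qtype, rdata))
    return records

def build_passive_dns(records):
    """Passive DNS table: (qname, qtype, rdata) -> (first_seen, last_seen, count)."""
    table = {}
    for ts, _client, qname, qtype, rdata in records:
        first, last, count = table.get((qname, qtype, rdata), (ts, ts, 0))
        table[(qname, qtype, rdata)] = (min(first, ts), max(last, ts), count + 1)
    return table

def shannon_entropy(s):
    """Bits per character; random-looking labels score higher than real words."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def base_domain(qname):
    # Assumption: the registrable domain is the last two labels (no public-suffix list).
    return ".".join(qname.split(".")[-2:])

def flag_tunnel_candidates(records, min_unique=4, min_entropy=3.0):
    """Flag base domains with many distinct, high-entropy subdomain labels."""
    subdomains = defaultdict(set)
    for _ts, _client, qname, _qtype, _rdata in records:
        bd = base_domain(qname)
        if qname != bd:
            subdomains[bd].add(qname[: -len(bd) - 1])
    flagged = {}
    for bd, labels in subdomains.items():
        avg_entropy = sum(shannon_entropy(l.replace(".", "")) for l in labels) / len(labels)
        if len(labels) >= min_unique and avg_entropy >= min_entropy:
            flagged[bd] = (len(labels), round(avg_entropy, 2))
    return flagged
```

On the sample, `example.com` stays clean (two low-entropy labels) while `evil-tunnel.test` is flagged with four distinct hex-like labels; in practice the thresholds are tuned against a baseline of the organisation's own DNS metadata.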

Actionable Intelligence

Actionable intelligence can help enrich and mature a security operations programme as well as improve intrusion detection. Many details go into leveraging intelligence, but one of the most important is the existence of reliable data of record. There are two time-based aspects: historical and ongoing. To properly leverage intelligence, there needs to be a scalable network forensics solution that can record all network data at high speed and also make that data and metadata available for analysis.

Proactive Threat Hunting

On any network there will be instances of unusual or suspicious activity, which can sometimes indicate advanced threats and targeted activity. PacketWorker for Network Forensics provides an extremely fast search engine that lets analysts quickly determine activities of interest from network metadata and retrieve interesting artifacts using the same framework, without the expensive compute needed to reconstruct each and every session. This speeds up analyst work by providing the intelligence needed to identify activities and artifacts of interest.

For an overview of PacketWorker NF and other products, please contact your friendly Vehere sales representative or one of our partners.