20. A Comprehensive Security System
[Diagram: layered security system. Layers: Firewalls; Intrusion Prevention; Intrusion Detection; Packet Forensics - Network Packet Recorder. Labels: Increasing Level of Prevention; Increasing Level of Forensics; Visibility]
21. What is a Network Packet Recorder
• A technology that records digital communications, no matter what language (protocol) is used between the parties
• Combined with analysis software, recorded communications can be investigated to identify what information was exchanged and when
22. Questions Answered with Network Recorders
• Who’s trying to enter/communicate with my resource(s)?
• What other resources has this person communicated with?
• When did this entity enter/communicate previously?
• What files has this entity tried to access?
• Who’s been trying to enter false passwords?
• Is an entity trying to deliver a malicious “package” to a device on my network?
23. Network Forensics – Essential Capabilities
• Full packet capture with massive scale and in compliance with digital evidence rules
• Retention of data for days or weeks
• Fast access to captured data via search and other tools
• Packet header analysis, including summarizing and trending the network activity
• Packet contents analysis across protocols, including file extraction, session viewing, and L4-7 application analysis
• Compare data with known threat signatures
• See all traffic and make inferences about relationships
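The packet header analysis listed above can answer the first three questions on slide 22 (who contacted a resource, when, and what else that peer talked to). The following is an added example, not part of the original slides or of any product they describe; the function names, the classic little-endian pcap/Ethernet/IPv4 assumption, and the sample capture (documentation-range addresses, made-up timestamps) are all constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

def make_record(ts, src, dst, sport, dport):
    """One constructed pcap record: Ethernet + IPv4 + TCP SYN, no payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

def build_sample_pcap():
    """Constructed capture: documentation-range addresses, made-up timestamps."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [
        (1000, "203.0.113.7", "192.0.2.10", 40000, 22),
        (1005, "203.0.113.7", "192.0.2.11", 40001, 445),
        (1010, "198.51.100.3", "192.0.2.10", 50000, 443),
        (1020, "203.0.113.7", "192.0.2.10", 40002, 22),
    ]
    return header + b"".join(make_record(*p) for p in packets)

def summarize(pcap, resource):
    """For each peer that sent packets to `resource`: first/last time seen,
    packet count, and the other destinations that peer contacted."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian, microsecond-resolution pcap")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    dsts_by_src, peers, off = defaultdict(set), {}, 24
    while off + 16 <= len(pcap):
        ts, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        src, dst = str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))
        dsts_by_src[src].add(dst)
        if dst == resource:
            p = peers.setdefault(src, {"first": ts, "last": ts, "packets": 0})
            p["first"], p["last"] = min(p["first"], ts), max(p["last"], ts)
            p["packets"] += 1
    return {src: {**p, "others": sorted(dsts_by_src[src] - {resource})}
            for src, p in peers.items()}

if __name__ == "__main__":
    for peer, info in summarize(build_sample_pcap(), "192.0.2.10").items():
        print(peer, info)
```

Frames carrying an 802.1Q VLAN tag or IPv6 are skipped by this sketch; a recorder's own analysis software would decode those as well.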
31. Post-Event Intrusion Resolution
• Application-aware network tools with DPI can strengthen a security strategy
• Long-term capture/storage acts like a 24/7 video camera on the network
o Storage that can scale to PB retention levels
o Network and security personnel can efficiently detect and root out intrusions, malware, and other unauthorized activities within the IT infrastructure
o Reduce tool sprawl and increase collaboration