
Savvius at the RSA Conference 2015

We’re back from this year’s RSA Conference in San Francisco. This is the largest security conference in the US. Over 40,000 people attended this year’s event. The sessions and exhibit halls were busy and crowded.

[Photo: bob_omnipeek]

In the photo above, Bob Chapman, our Sales Representative for the North West region, is using his powers of peermap vision to gain visibility and actionable intelligence about a potential customer’s network management requirements.

The conference was especially exciting for us, because it was our first public appearance as Savvius, which was well received at RSA. Attendees coming by the booth could see and feel the energy around the new, more savvy, company name, the enterprise branding, and the clear messaging about Savvius as a company, and our new products and solutions. What we like to call “Savvius 1.0” was executed and released in a very short period of time just prior to RSA, and is evidence that Savvius is on the fast track to being a leader in security forensics. The best example of this is the debut of Savvius Vigil, our new network security forensics appliance for storing months of packet-level information for enhancing security investigations.

Reaction to Savvius Vigil was extremely positive. RSA attendees are security professionals. Their daily work involves anticipating, defending against, investigating, and stopping data breaches. They understand how stealthy today’s security attacks are, and they know, first-hand, how long it can take to track down and characterize an attack using the tools available to most IT departments.

That’s why Savvius Vigil was such welcome news to them. Savvius Vigil stores the network traffic associated with alerts raised by SIEM products such as HP ArcSight.

Storing all network traffic for a large enterprise indefinitely just isn’t practical, but Savvius Vigil’s recording and indexing of just the traffic associated with security alerts gives RSA attendees and their security colleagues the data repository they’ve been looking for. It’s an in-depth record of suspicious network events with all extraneous data filtered out. It’s like a highlights reel of suspicious characters from a crime thriller.

“That makes perfect sense,” one attendee told us.

We think so, too.

Savvius at Interop: April 28-April 30

Hot on the heels of RSA, the Savvius team is making the trip to Las Vegas for Interop this week. Interop brings together the brightest minds in the IT industry to exhibit the latest technology innovations in applications, cloud, collaboration infrastructure, mobility, networking and virtualization. Savvius will be exhibiting during the show and was selected as a finalist for the 2015 Best of Interop Award for its Omnipliance Wi-Fi technology.

Savvius will be demonstrating its new OmniPeek 9.0 on the expo floor, highlighting application-aware network analytics and troubleshooting abilities through Deep Packet Inspection technology licensed from Procera Networks. There will also be informative material on the Savvius Vigil security appliance that you don’t want to miss.

Come see the entire line of Savvius products at booth 2445!

Finding Evidence of a Security Attack

Data security is a race between attackers and defenders. Attackers win when they can commit their crimes—stealing data, encrypting files, or performing some other destructive act—before being detected and stopped. Defenders win when they detect an attack and stop it before any harm is done.

Unfortunately, these days, the attackers seem to have time on their side. The typical security attack lingers undetected on an enterprise network for an average of 229 days, according to researchers. That’s over 7 months of free time for stealing data and committing some other act of cyber crime.

Why does it take so long to detect security attacks? One reason is that today’s attacks are increasingly subtle and sophisticated. But another reason is that, once an attack slips past network defenses and hides on the network for even a few days, the amount of hard evidence that security analysts have access to falls off dramatically.

In the first two days, security analysts are likely to have access to network forensics data with stored packets containing the attack itself. After two days, the evidence shrinks to mostly derivative data—some log files here, some metadata there. These can sometimes provide indirect clues about what really took place, but it’s far less useful than being able to explore the actual traffic containing the attack itself.

We created Savvius Vigil, our state-of-the-art security forensics solution, precisely to address this problem. Savvius Vigil builds on security tools that enterprises have in place, such as SIEM systems and their IDS/IPS capabilities.

When a SIEM system raises an alert about suspicious traffic, Savvius Vigil stores the network traffic immediately preceding and following the event for forensic review. It integrates events from multiple sources, including network conversations with specified IP addresses. Traffic between relevant nodes is captured before and after the triggered events. Optionally, all related traffic to and from an event’s IP addresses is captured as well.

Savvius Vigil saves only traffic that has been deemed suspicious; all other traffic is eventually discarded. What’s left is a repository of suspicious events—packet-level details and all—that security analysts can examine once they suspect that an alert is genuine and not a false positive.
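The capture behaviour described above can be sketched as a rolling packet buffer with alert-triggered retention. This is an added example, not Savvius code: the class name, the 30-second windows, the 60-second buffer and the sample traffic are all assumptions constructed for illustration.

```python
from collections import deque, namedtuple

# Constructed record types; ts is seconds, src/dst are IP strings.
Packet = namedtuple("Packet", "ts src dst")
Alert = namedtuple("Alert", "ts src dst")  # ts = time of the suspicious event

class AlertTriggeredStore:  # hypothetical name, not a product API
    def __init__(self, pre=30, post=30, horizon=60, related=False):
        if pre > horizon:  # packets older than the buffer are already gone
            raise ValueError("pre-alert window exceeds the rolling buffer")
        self.pre, self.post, self.horizon = pre, post, horizon
        self.related = related  # also keep any traffic touching alert IPs
        self.buffer = deque()   # recent packets, not yet judged
        self.active = []        # alerts whose post-window is still open
        self.kept = set()       # long-term repository of suspicious traffic

    def _wanted(self, p, a):
        if not a.ts - self.pre <= p.ts <= a.ts + self.post:
            return False
        ends, nodes = {p.src, p.dst}, {a.src, a.dst}
        return ends == nodes or (self.related and bool(ends & nodes))

    def on_packet(self, p):
        while self.buffer and self.buffer[0].ts < p.ts - self.horizon:
            self.buffer.popleft()  # unflagged traffic ages out
        self.active = [a for a in self.active if a.ts + self.post >= p.ts]
        self.buffer.append(p)
        if any(self._wanted(p, a) for a in self.active):
            self.kept.add(p)

    def on_alert(self, a):
        self.active.append(a)
        self.kept.update(p for p in self.buffer if self._wanted(p, a))

def demo(related=False):
    a, b, c, d = "10.0.0.5", "203.0.113.9", "10.0.0.7", "10.0.0.8"
    events = [  # constructed arrival order; the alert lands after ts=95
        Packet(0, a, b), Packet(80, a, b), Packet(85, c, d),
        Packet(90, b, a), Packet(95, a, c), Alert(100, a, b),
        Packet(110, a, b), Packet(120, c, b), Packet(140, a, b),
    ]
    store = AlertTriggeredStore(related=related)
    for e in events:
        store.on_alert(e) if isinstance(e, Alert) else store.on_packet(e)
    return [p.ts for p in sorted(store.kept)]

if __name__ == "__main__":
    print(demo())              # pair-only retention
    print(demo(related=True))  # plus all traffic touching the alert's IPs
```

The packet at `ts=0` is never retained: it aged out of the rolling buffer before the alert arrived, which is why the pre-alert window cannot be longer than the buffer.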

Now, thanks to Savvius Vigil, security professionals investigating a security attack that is days, weeks, or even months old can take advantage of packet-level network traffic in their investigation—something previously unachievable.

“By automatically storing the appropriate network packets, Savvius Vigil enhances the ability of security analysts to quickly understand and respond to newly discovered threats,” says Keatron Evans, principal analyst at Blink Digital Security. “It allows us to go from notification of breach to completed analysis much faster.”

In the race between attackers and defenders, defenders just gained a powerful tool for speeding up the clock in their favor.

For more information about Savvius Vigil, check out the press release or the Product Datasheet. Or contact us.