pointer

Tag Archives: cyber security

Savvius at the RSA Conference 2015

We’re back from this year’s RSA Conference in San Francisco. This is the largest security conference in the US. Over 40,000 people attended this year’s event. The sessions and exhibit halls were busy and crowded.

bob_omnipeek

In the photo above, Bob Chapman, our Sales Representative for the North West region, is using his powers of peermap vision to gain visibility and actionable intelligence about a potential customers network management requirements.

The conference was especially exciting for us, because it was our first public appearance as Savvius, which was well received at RSA. Attendees coming by the booth could see and feel the energy around the new, more savvy, company name, the enterprise branding, and the clear messaging about Savvius as a company, and our new products and solutions. What we like to call “Savvius 1.0” was executed and released in a very short period of time just prior to RSA, and is evidence that Savvius is on the fast track to being a leader in security forensics. The best example of this is the debut of Savvius Vigil, our new network security forensics appliance for storing months of packet-level information for enhancing security investigations.

Reaction to Savvius Vigil was extremely positive. RSA attendees are security professionals. Their daily work involves anticipating, defending against, investigating, and stopping data breaches. They understand how stealthy today’s security attacks are, and they know, first-hand, how long it can take to track down and characterize an attack using the tools available to most IT departments.

That’s why Savvius Vigil was such welcome news to them. Savvius Vigil stores the network traffic associated with alerts raised by SIEM products such as HP ArcSight.

Storing all network traffic for a large enterprise indefinitely just isn’t practical, but Savvius Vigil’s recording and indexing of just the traffic associated with security alerts gives RSA attendees and their security colleagues the data repository they’ve been looking for. It’s an in-depth record of suspicious network events with all extraneous data filtered out. It’s like a highlights reel of suspicious characters from a crime thriller.

“That makes perfect sense,” one attendee told us.

We think so, too.

Network Packets Matter to Security Professionals

Imagine that you investigate car accidents. When you arrive at a scene, you see the smashed cars, skid marks, bent post, and whatever else, and quickly determine that one car came into the path of the other one. This paint on the fender matches that dent in the other car, for example, and even the angles where the car ended up tell a story.

Now imagine that the insurance company asks you to investigate an accident that happened last month. You can still go to the scene, but this time, all you see are some skid marks, a still bent post, and a few other things. But no cars. Perhaps you can still figure out what happened, but it isn’t easy.

Being an accident investigator without being able to see the cars is the situation that security incident investigators find themselves in when they are investigating a breach and can’t see the packets that were the vehicle for the attack.

The problem is that most attacks aren’t discovered for months, and by that time, the packets are gone. It just isn’t practical to store weeks and months of network traffic; a network averaging only 3 Gbps requires 7.5 petabytes of storage in 229 (the median time between breach and discovery according to a recent study.) And since it is the median time, even with 7.5 petabytes, you’re missing half the security events. So let’s double it to be safe. And assume we’re buying relatively inexpensive storage. That is still over $5 million!

The answer is intelligently determining what to store, but that’s the subject of another blog post. Stay tuned!

WildPackets Launches 2nd Annual Trends in Network Forensics Survey

According to the Center for Strategic & International Studies, cybercrime costs $375-$575 billion annually and last year caused a net loss of up to 200,000 jobs in the U.S. alone. Data breaches not only damage company performance and integrity, but also impair commerce, competitiveness, innovation and a nation’s overall business growth.

With network forensics–the comprehensive, high-speed capture and analysis of network traffic–IT organizations and in-house security teams gain access to in-depth analysis of network traffic. Security teams can use network forensics to more quickly investigate and stop security attacks by acting on hard evidence about who, what, where, and when.

In February 2014, WildPackets surveyed more than 250 network engineers and IT professionals to better understand the availability and use of network forensics solutions in the enterprise. The survey, Trends in Network Forensics, revealed how many organizations have a network forensics solution in place as well as how organizations are using their network forensics solutions and its benefits.

A year has passed, and thanks to a series of highly publicized data breaches, including the Target and Anthem breaches, security is more than ever on IT organizations’ minds.

This month, WildPackets is kicking off the second annual network forensics survey to better understand how enterprises are using network forensics for security investigations and other IT operations. You can help shape the direction of network forensics in 2015 by participating in our survey. As a thank you, you will automatically have a chance to win a $100 Amazon gift card.

This short survey takes less than 5 minutes to complete. All data is completely anonymous. In order to get accurate results, we need a large sample of respondents across the community. The survey will be running through the month of February so don’t wait!

Survey URL: http://svy.mk/1zXwsou