
Finding Evidence of a Security Attack

Data security is a race between attackers and defenders. Attackers win when they can commit their crimes—stealing data, encrypting files, or performing some other destructive act—before being detected and stopped. Defenders win when they detect an attack and stop it before any harm is done.

Unfortunately, these days, the attackers seem to have time on their side. The typical security attack lingers undetected on an enterprise network for an average of 229 days, according to researchers. That’s over 7 months of free time for stealing data and committing some other act of cyber crime.

Why does it take so long to detect security attacks? One reason is that today’s attacks are increasingly subtle and sophisticated. But another reason is that, once an attack slips past network defenses and hides on the network for even a few days, the amount of hard evidence that security analysts have access to falls off dramatically.

In the first two days, security analysts are likely to have access to network forensics data with stored packets containing the attack itself. After two days, the evidence shrinks to mostly derivative data: some log files here, some metadata there. These can sometimes provide indirect clues about what really took place, but they are far less useful than being able to explore the actual traffic containing the attack itself.

We created Savvius Vigil, our state-of-the-art security forensics solution, precisely to address this problem. Savvius Vigil builds on security tools that enterprises have in place, such as SIEM systems and their IDS/IPS capabilities.

When a SIEM system raises an alert about suspicious traffic, Savvius Vigil stores the network traffic immediately preceding and following the event for forensic review. It integrates events from multiple sources, including network conversations with specified IP addresses. Traffic between relevant nodes is captured before and after the triggered events. Optionally, all related traffic to and from an event’s IP addresses is captured as well.

Savvius Vigil saves only traffic that has been deemed suspicious; all other traffic is eventually discarded. What’s left is a repository of suspicious events, packet-level details and all, that security analysts can examine once they suspect that an alert is genuine and not a false positive.
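The retention scheme the two paragraphs above describe (a rolling buffer of recent packets, a capture window before and after each SIEM event, conversation-only versus all-related capture, and everything else falling off the buffer) is easy to sketch in code. The following is an added example written for this page, not Savvius Vigil’s own code; the class and method names, the window sizes, the IP addresses, the alert ID and the sample packets are all constructed for illustration.

```python
"""Trigger-based packet retention: keep only traffic around SIEM alerts.

Added example, not vendor code. All names, addresses and timings are made up.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # capture time in seconds
    src: str
    dst: str
    length: int    # bytes on the wire


@dataclass(frozen=True)
class Alert:
    alert_id: str  # hypothetical SIEM event identifier
    ts: float      # time the SIEM says the event occurred
    src: str
    dst: str


class TriggeredRetention:
    """Rolling packet buffer; only packets tied to an alert are kept long-term."""

    def __init__(self, lookback_s, lookahead_s, ring_capacity):
        # Everything is appended here; packets nobody claims fall off the end.
        self.ring = deque(maxlen=ring_capacity)
        self.lookback_s = lookback_s
        self.lookahead_s = lookahead_s
        self.retained = {}      # alert_id -> list of Packet kept for forensics
        self.open_alerts = []   # (Alert, all_related) whose look-ahead window is still open

    @staticmethod
    def _matches(alert, pkt, all_related):
        """Conversation-only match, or (optionally) any traffic touching either endpoint."""
        endpoints = {alert.src, alert.dst}
        if all_related:
            return pkt.src in endpoints or pkt.dst in endpoints
        return {pkt.src, pkt.dst} == endpoints

    def ingest(self, pkt):
        """Called for every captured packet, in capture order."""
        self.ring.append(pkt)
        for alert, all_related in self.open_alerts:
            in_window = alert.ts < pkt.ts <= alert.ts + self.lookahead_s
            if in_window and self._matches(alert, pkt, all_related):
                self.retained[alert.alert_id].append(pkt)
        # Close windows whose look-ahead period has elapsed.
        self.open_alerts = [(a, r) for a, r in self.open_alerts
                            if pkt.ts <= a.ts + self.lookahead_s]

    def on_alert(self, alert, all_related=False):
        """SIEM event arrives: pull the look-back window out of the ring, then
        keep collecting related packets until the look-ahead window closes."""
        lo, hi = alert.ts - self.lookback_s, alert.ts + self.lookahead_s
        kept = [p for p in self.ring
                if lo <= p.ts <= hi and self._matches(alert, p, all_related)]
        self.retained[alert.alert_id] = kept
        self.open_alerts.append((alert, all_related))
        return kept


# Constructed sample traffic: a beacon between 10.0.0.5 and 203.0.113.9 plus noise.
SAMPLE_PACKETS = [
    Packet(100.0, "10.0.0.5", "203.0.113.9", 120),   # beacon, 5 s before the alert
    Packet(101.0, "10.0.0.7", "10.0.0.8", 1400),     # unrelated hosts, discarded
    Packet(103.0, "203.0.113.9", "10.0.0.5", 640),   # reply, 2 s before the alert
    Packet(104.0, "10.0.0.5", "192.0.2.20", 300),    # same host, different peer
    Packet(106.0, "10.0.0.5", "203.0.113.9", 120),   # 1 s after the alert, in window
    Packet(130.0, "10.0.0.5", "203.0.113.9", 120),   # after the look-ahead window closed
]


def run_scenario(all_related):
    """Replay the sample traffic around one alert; return retained timestamps."""
    buf = TriggeredRetention(lookback_s=10.0, lookahead_s=15.0, ring_capacity=1000)
    alert = Alert("SIEM-0001", 105.0, "10.0.0.5", "203.0.113.9")
    for pkt in SAMPLE_PACKETS:
        if pkt.ts < alert.ts:
            buf.ingest(pkt)
    buf.on_alert(alert, all_related=all_related)   # SIEM fires after the earlier traffic is buffered
    for pkt in SAMPLE_PACKETS:
        if pkt.ts >= alert.ts:
            buf.ingest(pkt)
    return [p.ts for p in buf.retained[alert.alert_id]]


if __name__ == "__main__":
    print("conversation only:", run_scenario(False))
    print("all related traffic:", run_scenario(True))
```

The point the example makes concrete is the trade-off the text describes: the ring buffer bounds storage, so the unrelated packet at 101.0 and the late beacon at 130.0 are never kept, while the `all_related` switch decides whether the host’s conversation with a third party (104.0) is evidence worth retaining. In a real deployment the look-back window is limited by how much full-packet data the ring can hold, and an alert that the SIEM raises hours late finds an empty window.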

Now, thanks to Savvius Vigil, security professionals investigating a security attack that is days, weeks, or even months old can take advantage of packet-level network traffic in their investigation—something previously unachievable.

“By automatically storing the appropriate network packets, Savvius Vigil enhances the ability of security analysts to quickly understand and respond to newly discovered threats,” says Keatron Evans, principal analyst at Blink Digital Security. “It allows us to go from notification of breach to completed analysis much faster.”

In the race between attackers and defenders, defenders just gained a powerful tool for speeding up the clock in their favor.

For more information about Savvius Vigil, check out the press release or the Product Datasheet. Or contact us.

Introducing Savvius

As many of you know, WildPackets has a long history as a leading provider of network monitoring and forensics solutions to enterprises, SMBs, and government agencies. In a crowded market of network IT vendors, we’re pleased to say we’ve developed a strong reputation for making exceptional network analysis software and packet storage appliances.

We’re proud of what we’ve achieved. Most of all, we’re pleased to have been able to help so many different organizations and IT professionals make the most of their networks and network-dependent technologies. Our customers are driven, tech-savvy, and creative, and we’re pleased to have contributed, through our network analysis solutions, to their success.

Now—as we all know—the world is changing: faster networks, new devices, more devices, new apps.

To continue to serve our customers, we recognized that we, too, had to keep changing. We realized that it’s time to build on our legacy and create something new. Specifically, we realized it’s time to apply our expertise in network analysis to important problems faced by organizations of all sizes, and to develop new, best-in-class solutions that enable our customers to do more with their (faster, more hyperconnected) networks than they’ve ever done before.

So today we’re making several announcements. We’re announcing a new focus for our company, and we’re announcing an exciting new product that’s unlike anything else available in network IT today.

But let’s start with our new name, which provides the most concise summary possible of our new vision and our new direction.

We’re excited to announce today that we are changing our name to Savvius. Savvius derives from “savvy” or “full of insight.” This name better reflects our company’s full line of products and mission for the future.

And here’s an example of the type of insight we’re talking about.

Over the past several years, we have seen an increase in organizations using our network investigation components to enhance security forensics. We’ve been helping organizations store hours, days, and even a few weeks of network data for analyzing security anomalies that have occurred on the network. All too often, these anomalies turn out to be indications of a security attack, such as a data breach.

Despite the impressive evolution of IT defenses, security attacks are still getting through, and in many cases they’re lingering on the network longer than a few weeks before being discovered. They’re lingering for months: about seven and a half months on average, or 229 days.

Which is why today we are also announcing the introduction of Savvius Vigil™, the industry’s first security appliance that provides weeks or even months’ worth of relevant network packet data following a security incident.

Unique in the market, Savvius Vigil stores packet data correlated with security events detected by your existing SIEM solutions. Savvius Vigil stores that data for months or longer in a searchable repository. When security professionals want to investigate anomalies that have occurred days, weeks, or even months ago, now they can, with Savvius Vigil.

Savvius Vigil gives IT security professionals the hard evidence they’ve been missing when investigating security breaches. You can learn more about Savvius Vigil here.

Moving forward, our company’s focus will be on empowering network and security professionals with the best packet-based analysis products, capabilities and solutions on the market.

We’ve taken a huge step in that direction with today’s announcement, and we hope that you follow along with us as we continue to innovate and provide the most comprehensive view of your network.

For more information, check out today’s announcement, take a look around our website or get in touch!

The Top Challenges for Network Engineers in 2015

In 2014, IT professionals faced myriad challenges on a number of fronts; unfortunately, these employees are unlikely to get a rest in 2015. The job of network engineer seems to grow more difficult each day, as these employees continue to see an increasing number of complex tasks land on their desks. Still, solutions do exist that can help lighten the load for these IT professionals. With that in mind, here’s a list of some of the high-priority obstacles engineers will face in the new year and the products that can help them meet those challenges:

Handling More Traffic on a Similar Budget

Worldwide IT spending is on the upswing as businesses across all sectors try to meet customer expectations. Still, global IT spending rose just 2.1 percent overall in 2014 according to Gartner, less than earlier predictions of 3.2 percent. At the same time, some analysts predict network traffic will double in 2015. So, although some IT engineers will see modest budget increases, they may not get enough money allocated to hire new personnel, meaning they will have to adopt or make better use of high-speed network monitoring solutions to handle increased traffic.

Ensuring QoS With Increased High-Bandwidth Traffic

Organizations are being forced to ramp up bandwidth to support more complex customer-facing applications and increased use of enterprise video, VoIP and other high-bandwidth internal traffic. This shift to network speeds of 10G or higher, however, can present a problem for engineers because it becomes more difficult to monitor traffic at those greater speeds. If engineers can’t see the network traffic, they can’t troubleshoot in real time, and network performance suffers both for employees and customers using the organization’s applications. As a result, network and application performance monitoring solutions will become critical to keeping systems running smoothly.

Dealing With Increasingly Frequent and Complex Security Threats

Unfortunately, 2014 was a banner year for hackers and a trying year for IT security and C-level executives. Businesses in a wide variety of sectors experienced malicious hacks and data breaches that had a profoundly negative impact on the infiltrated companies’ public image and fiscal health. Considering that hackers have successfully breached government agencies and large banks, the frequency of attack is likely to grow in 2015. Spending on cybersecurity is already rising, with the research firm MarketsandMarkets predicting the global market will reach $155.75 billion by 2017, up from $95.60 billion in 2014. As more businesses look to adopt high-quality cyberattack analysis and network forensics solutions, those numbers may grow even larger.

Will Your Engineer Be Ready?

Your network engineer is going to face some serious issues in 2015; that is not in doubt. What remains to be seen is whether that engineer will be able to handle these challenges, which will depend largely on the tools at your organization’s disposal. WildPackets offers a wide range of products and services that enable network engineers to do their jobs more efficiently and with pinpoint accuracy.

Are you interested in learning more about network monitoring and analysis? Click here to visit our resource page and download one of our white papers.