Historically, most security investments have been focused on perimeter defense. In the face of an evolving threat landscape, the borderless nature of networks and the dramatic increase in security incidents, enterprises are now tuning their security strategies to create more data-centric focused approaches that strengthen their post-incident forensic analysis capabilities. However, even with today’s network forensic tools, the ability to swiftly investigate security incidents by reconstructing and analyzing network activity has proven difficult and complicated. Performing physical packet analysis is a valuable approach, but requires deep expertise and packet analysis literacy, requiring more time spent stitching together bits and pieces of network traffic versus actually analyzing an incident – stealing precious time from an urgent incident investigation. The technical challenges are further compounded by the limited access to captured packet traffic for historical back-in-time analysis due to the high cost of always-on visibility and capture capabilities.
“Advances in threat techniques, along with continued vulnerabilities in people and software, mean that businesses need to continually monitor and assess their security status,” said John Pescatore, vice president distinguished analyst at Gartner. “Today’s advanced targeted threats use multiple attack paths and sophisticated evasion techniques. The ability to collect, store and analyze large volumes of network traffic to detect potential and successful threats is critical to rapid incident response and impact reduction, as well as for continually improving the effectiveness of security controls.”
nGenius® Forensic Intelligence removes the complexity associated with network forensic analysis activities by delivering contextual visualization of IP communications sessions with automated reconstruction and contextual visual replay of a targeted session, enabling a incident investigator to see exactly what a user saw. As historical packet data is analyzed, a chronological list of network activity is displayed. The incident investigator can replay individual events, or all events sequentially in precise chronological order with a simple point-and-click action.
The self-contained network forensic analysis module supports both IPv4 and IPv6 traffic and can reconstruct and replay hundreds of IP-based services and applications, including web services, e-mail, social media, and voice and video sessions. A simple and logical workflow enables a wide range of technical and non-technical users across IT operations teams to rapidly investigate targeted activities, users, or specific networked resources. Powerful and flexible filtering and searching capabilities streamline investigations, enabling the incident investigator to focus on specific activities, thus simplifying cyber investigations and speeding time to knowledge.
As part of the nGenius Service Assurance Solution, nGenius Forensic Intelligence supports highly complex, distributed network environments by leveraging the always-on monitoring capabilities of the nGenius InfiniStream appliance. As a trusted and reliable source of rich, accurate and secure historical network traffic, the nGenius InfiniStream appliance provides high capacity, continuous packet capture for Gigabit and 10 Gigabit Ethernet links, with secure storage capacities ranging from 1 terabyte (TB) to 96 TB at a single network monitoring point. This flexibility enables IT organizations to cost-effectively scale data collection from hours, to days, to weeks to meet a wide-range of network forensics requirements. In addition, the distributed processing and analysis capabilities inherent within the nGenius solution delivers performance at scale while reducing the associated packet transfer impact to the network. The recently announced nGenius 1500 series packet flow switch further complements and strengthens network forensic activities by enabling IT teams to dynamically direct traffic from virtually anywhere in the network to an nGenius InfiniStream appliance for on-demand packet capture and facilitate rapid incident response or a targeted investigation.
nGenius Forensic Intelligence provides a highly secure environment with a zero-desktop footprint. All reconstructed data is stored on a dedicated secure server to maintain data security, minimize unnecessary network traffic and protect the incident investigator from any reconstructed malware. Role-based access policies protect against unauthorized access of sensitive data and provide a full audit trail of all incident investigator activities.
“With the introduction of nGenius Forensic Intelligence, NetScout is bringing meaningful change to the network forensics market landscape with the first automated session reconstruction and replay analysis product integrated into a service assurance platform,” said Steven Shalita, vice president marketing at NetScout. “Leveraging one universal intelligent data source that supports service management and forensic analysis activities further extends the value of packet-flow investments while also improving the level of collaboration across IT teams. In the end, this will empower IT organizations to further simplify and consolidate their network monitoring architecture, thus reducing vendor complexity, improving time to value and lowering the overall total cost of ownership.”
The nGenius Forensics Intelligence analysis module is now entering controlled early field trials (EFT). General availability is planned for the June/July 2012 time frame. nGenius Forensic Intelligence will ship as a self-contained hardened server that leverages native packet streams from nGenius InfiniStream appliances. Contact NetScout or a NetScout authorized reseller for more information.
About NetScout Systems, Inc.
NetScout Systems, Inc. (NASDAQ: NTCT) is the market leader in Unified Service Delivery Management enabling comprehensive end-to-end network and application assurance. For 27 years, NetScout has delivered breakthrough packet-flow technology that provides trusted and comprehensive real-time network and application performance intelligence enabling unified assurance of the network, applications and users. These solutions enable IT staff to predict, preempt and resolve network and service delivery problems while facilitating the optimization and capacity planning of the network infrastructure. NetScout nGenius® and Sniffer® solutions are deployed at more than 20,000 of the world’s largest enterprises, government agencies, and more than 148 service providers, on over one million physical and 2,000 virtual network segments to assure the network, applications, and service delivery to their users and customers. For more information about NetScout go to www.netscout.com.