Savvius Blog

The Savvius Network Analysis and Monitoring Blog covers enterprise networking news from recent standards, such as 802.11n, and upcoming technologies, such as 100G, to pressing everyday issues around wireless, VoIP, security, and network performance management.

Savvius at Interop: April 28-April 30

Hot off the heels of RSA, the Savvius team is making the trip to Las Vegas for Interop this week. Interop brings together the brightest minds in the IT industry to exhibit the latest technology innovations in applications, cloud, collaboration infrastructure, mobility, networking and virtualization. Savvius will be exhibiting during the show and was selected as a finalist for the 2015 Best of Interop Award for its Omnipliance Wi-Fi technology.

Savvius will be demonstrating its new OmniPeek 9.0 on the expo floor, highlighting application-aware network analytics and troubleshooting capabilities built on Deep Packet Inspection technology licensed from Procera Networks. There will also be informative material on the Savvius Vigil security appliance that you don’t want to miss.

Come see the entire line of Savvius products at booth 2445!


Finding Evidence of a Security Attack

Data security is a race between attackers and defenders. Attackers win when they can commit their crimes—stealing data, encrypting files, or performing some other destructive act—before being detected and stopped. Defenders win when they detect an attack and stop it before any harm is done.

Unfortunately, these days the attackers seem to have time on their side. The typical security attack lingers undetected on an enterprise network for an average of 229 days, according to researchers. That’s over 7 months of free time for stealing data and committing other acts of cybercrime.

Why does it take so long to detect security attacks? One reason is that today’s attacks are increasingly subtle and sophisticated. But another reason is that, once an attack slips past network defenses and hides on the network for even a few days, the amount of hard evidence that security analysts have access to falls off dramatically.

In the first two days, security analysts are likely to have access to network forensics data with stored packets containing the attack itself. After two days, the evidence shrinks to mostly derivative data—some log files here, some metadata there. These can sometimes provide indirect clues about what really took place, but it’s far less useful than being able to explore the actual traffic containing the attack itself.

We created Savvius Vigil, our state-of-the-art security forensics solution, precisely to address this problem. Savvius Vigil builds on security tools that enterprises have in place, such as SIEM systems and their IDS/IPS capabilities.

When a SIEM system raises an alert about suspicious traffic, Savvius Vigil stores the network traffic immediately preceding and following the event for forensic review. It integrates events from multiple sources, including network conversations with specified IP addresses. Traffic between relevant nodes is captured before and after the triggered events. Optionally, all related traffic to and from an event’s IP addresses is captured as well.

Savvius Vigil saves only traffic that has been deemed suspicious; all other traffic is eventually discarded. What’s left is a repository of suspicious events—packet-level details and all—that security analysts can examine once they suspect that an alert is genuine and not a false positive.
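To make the retention model concrete, here is an added example (not Savvius Vigil's code, whose internals are not described on this page) of alert-triggered packet retention: every packet sits in a rolling buffer and ages out, but when an alert names the involved hosts, related packets from the window before the event are pinned into an evidence store and related packets keep being collected until the post-event window closes. The `Packet` fields, the window sizes and the traffic in `run_scenario` are all constructed for the illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    ts: float   # capture time in seconds (constructed sample data below)
    src: str
    dst: str

class AlertTriggeredRetention:
    """Rolling buffer of all packets; an alert pins related packets from the
    pre-event window into evidence and keeps collecting until post-window end."""

    def __init__(self, buffer_seconds, pre_seconds, post_seconds):
        self.buffer_seconds = buffer_seconds
        self.pre, self.post = pre_seconds, post_seconds
        self.ring = deque()      # every packet, discarded after buffer_seconds
        self.evidence = {}       # alert_id -> retained packets
        self.open_alerts = []    # (alert_id, post_window_end, matcher)

    def ingest(self, pkt):
        self.ring.append(pkt)
        # post-event capture: attach matching packets to alerts still open
        for alert_id, window_end, match in self.open_alerts:
            if pkt.ts <= window_end and match(pkt):
                self.evidence[alert_id].append(pkt)
        self.open_alerts = [a for a in self.open_alerts if a[1] > pkt.ts]
        # traffic not pinned by an alert simply ages out of the ring buffer
        while self.ring and pkt.ts - self.ring[0].ts > self.buffer_seconds:
            self.ring.popleft()

    def alert(self, alert_id, ts, nodes, capture_all_related=False):
        nodes = frozenset(nodes)
        if capture_all_related:   # optional: anything to/from the event's IPs
            def match(p): return p.src in nodes or p.dst in nodes
        else:                     # default: only conversations between the nodes
            def match(p): return p.src in nodes and p.dst in nodes
        # pre-event capture is pulled from the ring buffer
        self.evidence[alert_id] = [p for p in self.ring
                                   if ts - self.pre <= p.ts <= ts and match(p)]
        self.open_alerts.append((alert_id, ts + self.post, match))

def run_scenario(capture_all_related):
    """Constructed traffic: alert on hosts A and B at t=20 with 10 s windows."""
    store = AlertTriggeredRetention(buffer_seconds=60, pre_seconds=10, post_seconds=10)
    before = [Packet(0, "A", "B"), Packet(12, "A", "B"), Packet(15, "A", "C"), Packet(18, "D", "E")]
    after = [Packet(25, "B", "A"), Packet(27, "C", "A"), Packet(31, "A", "B"), Packet(100, "D", "E")]
    for p in before:
        store.ingest(p)
    store.alert("alert-1", ts=20, nodes={"A", "B"}, capture_all_related=capture_all_related)
    for p in after:
        store.ingest(p)
    return [p.ts for p in store.evidence["alert-1"]], len(store.ring)
```

After the t=100 packet the ring buffer has aged everything else out, yet the pinned evidence for the alert survives, which is the property the post describes.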

Now, thanks to Savvius Vigil, security professionals investigating a security attack that is days, weeks, or even months old can take advantage of packet-level network traffic in their investigation—something previously unachievable.

“By automatically storing the appropriate network packets, Savvius Vigil enhances the ability of security analysts to quickly understand and respond to newly discovered threats,” says Keatron Evans, principal analyst at Blink Digital Security. “It allows us to go from notification of breach to completed analysis much faster.”

In the race between attackers and defenders, defenders just gained a powerful tool for speeding up the clock in their favor.

For more information about Savvius Vigil, check out the press release or the Product Datasheet. Or contact us.

