Enterprise IT Incident Response – Network Forensic Considerations
April 27, 2013

Network Forensics allows your organization to capture valuable, actionable intelligence to help secure your network and ensure its availability. By capturing raw network data and applying advanced forensic analysis, your IT and security staff can effectively identify how your business assets are affected by network exploits, internal data theft, and security or HR policy violations. Network Forensics helps your organization mitigate risk, comply with regulations, and reduce analysis and investigation cost through its patented technology, which allows you to visualize network activity, uncover anomalous traffic and investigate security breaches.

Network Forensics effectively answers the question that recurs in the aftermath of a security incident: what happened? It tackles the difficult task of capturing, analyzing and visualizing intelligence about anomalous network activity, and helps ensure organization-wide and regulatory compliance. Network Forensics is a passive network monitoring solution that integrates both the security and network management disciplines.

As part of an Enterprise Infrastructure Management strategy, Network Forensics is a network-based technology that captures network traffic in near real time, proactively recording it into a knowledge base that can be queried. It visualizes network activity by creating a dynamic picture of communication flows to swiftly expose break-in attempts, vulnerabilities, abnormal usage, policy violations and misuse, anomalies, and more before, during and after an incident. Operating like a surveillance camera, Network Forensics can play back events from thousands of communications to validate system threats. It can identify the offender or rings of perpetrators, and help you prevent a recurrence of the same security incident. Its advanced forensics, content and pattern analysis, reporting, and visualization tools can create a complete view of how network communications are affecting the security and availability of network resources. This enables security professionals to rapidly and efficiently build crucial, actionable intelligence about network usage, thereby reducing investigation cost while improving operational efficiency in virtually all phases of security planning, deployment and recovery, and creating valuable information that directly contributes towards demonstrable compliance with internal policies and government regulations.
Highlights
- Network Forensics delivers a unique value to an organization’s security infrastructure by providing a dynamic and comprehensive picture of network communications. As a result, network security professionals can build crucial intelligence about network asset utilization, validate existing architecture and security policies, comply with an auditor’s requirements and enable forensics network analysis.
- Network Forensics provides a common ground for the capture, analysis and visualization of enterprise security and network data to support an organization’s effort to protect critical intellectual property, content control and privacy.
- Through its capability to import data from third-party firewalls, intrusion detection systems, and other blocking or alerting devices, Network Forensics can support proactive prevention efforts and rapidly perform further drill-down, targeted investigations.
Key Feature considerations:
Network Traffic Recording, Analysis and Visualization
- Visualizes network activity
- Uncovers anomalous traffic
- Real-time taxonomy and recording of packet headers and full content sessions
- Dynamic graphical representations can rapidly identify abnormal network behaviors
- Builds crucial intelligence about network usage
- Provides the means for anomaly detection through advanced visualization rendering
- Offers incident response teams a graphical representation of anomalous activities, providing visibility into network communications before, during and after a suspicious event
- Records network traffic and analyses for later playback and scrutiny
- Displays a holistic view of security events and animates sequences of attacks
- Shows logical network connections and their interdependencies
Communications Knowledge Base
- Creates and stores valuable information that directly contributes towards demonstrable compliance
Network Forensics Investigation and Reporting
- Performs network forensic investigations to identify incidents and preclude their recurrence
- Solves specific problem areas with general audits and targeted investigations
- Enables security due diligence and provides effective answers to common but difficult-to-answer questions, including:
  - Who is on your network?
  - When are they there?
  - What do they do?
  - Where are the breaches?
  - How is your network being exploited?
- Supplements true security management with a powerful investigative tool
- Investigates security breaches
- Exposes abnormal usage
Pattern and Content Analysis
- Distinguishes between diversionary and truly malicious incidents
- Spots potential threats
- Visualizes behavioral patterns
- Analyzes emails, keywords, binary files, or other references to reveal improper data exchange or leakage
Architecture Flexibility considerations
- Enhances current security perimeter solutions (such as firewall and intrusion detection systems) by providing additional insight into network data that caused a system alert
- Correlates log data from various systems over the period of time surrounding a suspicious event to facilitate more holistic investigations
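The time-window correlation described in the two bullets above, as an added example that is not part of the original document: constructed flow records (packet-header metadata only) stand in for the communications knowledge base, and a constructed, hypothetical IDS alert line is parsed and used to pull every flow that touched the alerted host in the minutes around the alert. The `ids[...]` log format, host addresses and byte counts are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    bytes_out: int

# Constructed flow records built from packet headers only (no payload),
# standing in for the queryable "communications knowledge base".
FLOWS = [
    Flow(datetime(2013, 4, 27, 9, 58, 10), "10.0.0.5", "10.0.0.20", 445, 1200),
    Flow(datetime(2013, 4, 27, 10, 0, 1), "10.0.0.5", "198.51.100.7", 443, 5_400_000),
    Flow(datetime(2013, 4, 27, 10, 0, 40), "10.0.0.9", "10.0.0.20", 80, 900),
    Flow(datetime(2013, 4, 27, 10, 30, 0), "10.0.0.5", "198.51.100.7", 443, 700),
]

# Constructed IDS alert line; the "ids[...]" program name and field layout are hypothetical.
ALERT = "2013-04-27 10:00:05 ids[412]: ALERT policy-violation src=10.0.0.5 dst=10.0.0.20"
ALERT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ids\[\d+\]: ALERT (?P<sig>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)

def parse_alert(line):
    """Parse a third-party alert line into a dict, or return None if it does not match."""
    m = ALERT_RE.match(line)
    if m is None:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "sig": m["sig"], "src": m["src"], "dst": m["dst"]}

def flows_around(alert, flows, window=timedelta(minutes=5)):
    """Flows that involve the alerted source host within +/- window of the alert time."""
    lo, hi = alert["ts"] - window, alert["ts"] + window
    host = alert["src"]
    hits = [f for f in flows if lo <= f.ts <= hi and host in (f.src, f.dst)]
    return sorted(hits, key=lambda f: f.ts)

def bytes_by_peer(host, flows):
    """Total bytes the host sent to each peer; a large external total merits a closer look."""
    totals = {}
    for f in flows:
        if f.src == host:
            totals[f.dst] = totals.get(f.dst, 0) + f.bytes_out
    return totals
```

Running `bytes_by_peer(alert["src"], flows_around(parse_alert(ALERT), FLOWS))` surfaces the 5.4 MB sent to the external host one second before the alert, which the alert on its own does not show.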
What business value does Network Forensics provide?
- Reduce analysis time
- Non-invasive investigation
- Portable, convenient solution (optional)
- More investigations done with the same number of investigators
- Faster data capture and information analysis and visualization than traditional means
- Quickly identifies the perpetrator and finds when and where the incident occurred
- Improves response time by reconstructing network events
- Solid ROI – time and cost savings in planning, deploying and maintaining security
- Enable security due diligence
- Quantify security risk
- Utilize existing investments
- Support audit or compliance requirements
- Increase effectiveness and efficiency of IT and security staff
- Faster identification of network security issues that impact your business
- Improves enterprise security awareness of recurring exploits of identified security flaws
- Better use of security resources leaving staff to focus on business-critical projects
www.bestitdocuments.com