09 October 2015
Savvius (formerly WildPackets) has teamed up with Lancope to enhance data security breach investigations and forensics.
Lancope will integrate Savvius Vigil into its StealthWatch system. Savvius, which specialises in packet-level network analytics, claims Vigil is the industry's first security appliance capable of automatically storing months of network packet events. It says this gives companies more than log data alone, without the cost of storing terabytes or even petabytes of packets.
Lancope’s StealthWatch offers network visibility and security intelligence across physical and virtual environments. By using the system, the company says network operations and security teams can obtain actionable insight into network usage and suspicious behaviours linked to APTs, insider threats, and malware.
When StealthWatch detects suspicious behaviour, it can now automatically alert Vigil to record the network packets associated with that event, including packets preceding and following the event, for later investigation by security analysts.
According to Savvius, Vigil makes security investigations more effective, reducing the time to full understanding and resolution of an incident.
It says the platform makes network packet data, which is vital for analysing and understanding attacks and threats, available in circumstances where it previously was not, such as investigations into incidents that went undiscovered for weeks or months.
Vigil integrates with an organisation's existing SIEM and IDS/IPS capabilities so that their alerts trigger storage of network packets. Events can be taken from multiple sources, including network conversations with specified IP addresses. Savvius says traffic between the relevant nodes is captured from before and after the triggering event; optionally, all traffic to and from an event's IP addresses is captured as well.
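The trigger-and-window behaviour described above, as an added illustration that is not Savvius or Lancope code and does not claim to be how Vigil is implemented: a rolling buffer of recent packet metadata, an external alert that claims a window of packets before and after its timestamp, and the two selection modes (conversation between the named nodes only, or all traffic to and from the event's IPs). The TriggeredRetention class, the window sizes, the event ID and the packet trace with its documentation-range addresses are all constructed for the example.

```python
"""Event-triggered packet retention: illustrative model, not Vigil's code."""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float      # capture time in seconds
    src: str
    dst: str
    length: int    # bytes on the wire


class TriggeredRetention:
    """Rolling buffer of recent packets plus per-event retention windows.

    Packets older than lookback_s fall off the buffer unless an event has
    already claimed them; an event claims traffic from lookback_s before to
    lookahead_s after its timestamp, filtered by a per-event selector.
    """

    def __init__(self, lookback_s: float, lookahead_s: float) -> None:
        self.lookback = lookback_s
        self.lookahead = lookahead_s
        self.buf: Deque[Packet] = deque()
        self.retained: Dict[str, List[Packet]] = {}
        # open windows: (event_id, start, end, selector)
        self.open: List[Tuple[str, float, float, Callable[[Packet], bool]]] = []

    def ingest(self, pkt: Packet) -> None:
        """Feed one packet in capture order."""
        # drop buffer entries that have fallen out of the lookback window
        while self.buf and self.buf[0].ts < pkt.ts - self.lookback:
            self.buf.popleft()
        self.buf.append(pkt)
        # copy the packet into every still-open event window that selects it
        still_open = []
        for event_id, start, end, sel in self.open:
            if pkt.ts > end:
                continue  # window has closed; forget it
            if pkt.ts >= start and sel(pkt):
                self.retained[event_id].append(pkt)
            still_open.append((event_id, start, end, sel))
        self.open = still_open

    def trigger(self, event_id: str, ts: float, nodes: Set[str],
                all_traffic: bool = False) -> None:
        """An external alert (SIEM/IDS) names an event time and its IPs."""
        if all_traffic:
            sel = lambda p: p.src in nodes or p.dst in nodes
        else:
            sel = lambda p: p.src in nodes and p.dst in nodes
        start, end = ts - self.lookback, ts + self.lookahead
        # packets already buffered: the pre-event history, plus anything past
        # ts that arrived before the alert did (detection latency)
        self.retained[event_id] = [p for p in self.buf
                                   if start <= p.ts <= end and sel(p)]
        self.open.append((event_id, start, end, sel))


def build_sample_trace() -> List[Packet]:
    """Constructed packet metadata for the demo (not real capture data)."""
    return [
        Packet(60.0, "10.0.0.5", "203.0.113.9", 1400),   # too old for window
        Packet(75.0, "10.0.0.5", "203.0.113.9", 1400),   # conversation, pre-event
        Packet(80.0, "10.0.0.7", "203.0.113.9", 600),    # other host -> event IP
        Packet(90.0, "10.0.0.5", "198.51.100.2", 300),   # event host -> other IP
        Packet(99.0, "203.0.113.9", "10.0.0.5", 1200),   # conversation, pre-event
        Packet(110.0, "10.0.0.5", "203.0.113.9", 1400),  # conversation, post-event
        Packet(120.0, "10.0.0.7", "198.51.100.2", 800),  # unrelated
        Packet(140.0, "10.0.0.5", "203.0.113.9", 1400),  # after window closes
    ]


def run_demo(all_traffic: bool = False) -> List[float]:
    """Replay the trace; an alert fires at t=100 for 10.0.0.5 <-> 203.0.113.9.

    Returns the timestamps of the packets retained for that event.
    """
    ret = TriggeredRetention(lookback_s=30.0, lookahead_s=30.0)
    for pkt in build_sample_trace():
        if pkt.ts > 100.0 and "evt-1" not in ret.retained:
            ret.trigger("evt-1", 100.0, {"10.0.0.5", "203.0.113.9"}, all_traffic)
        ret.ingest(pkt)
    return [p.ts for p in ret.retained["evt-1"]]


if __name__ == "__main__":
    print("conversation only:", run_demo(all_traffic=False))
    print("all traffic to/from event IPs:", run_demo(all_traffic=True))
```

The conversation-only mode keeps three packets from the trace and the all-traffic mode keeps five; everything else, including the 60-second packet that predates the lookback window and the 140-second packet that arrives after it closes, is never written to long-term storage, which is the cost saving the article describes.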
The hardware itself features 64TB of HDD storage, optional 64TB extended storage and a four-port 1/10G network adapter. It includes Savvius' OmniPeek network analysis software for examining recorded traffic in detail, while the Vigil software gives users an overview monitoring dashboard.
“Too often, investigations are hampered by a lack of access to network packet data,” says Savvius’ recently appointed CTO Mandana Javaheri. “Now, organisations using our combined solution can enhance their incident response capabilities with critical additional insight.”
Lancope reckons that the combination of StealthWatch and Vigil provides enterprise security teams with both “broad and deep” visibility into suspicious network activity. It adds that in today’s environment of constantly evolving attacks, technology partnerships like these are important for strengthening the CISO toolset.