Network Forensics

The Problem
Network packets are critical to security investigations, since packets are the vehicles for the attack. Yet the typical delays between breach and discovery mean most security investigations must proceed without access to network packets. Before Savvius Vigil, only expensive investments in data storage could provide the long-term access to network packets an investigation needs.

The Solution
Savvius Vigil automates the collection of network traffic needed for security investigations, both reducing the likelihood of a breach and minimizing the impact should one occur. Even breaches not discovered for months can be effectively investigated using Savvius Vigil. Savvius Vigil lets your organization conduct powerful forensic investigations by extending breach visibility and integrating with key security systems. You can intelligently capture critical packet data before and after an attack occurs so your organization can gain a clear and accurate picture of the damage, and react quickly.

How it Works
Savvius Vigil integrates with your existing SIEM/IDS/IPS capabilities to intelligently determine what network traffic is relevant for breach investigations. Savvius Vigil continuously collects all network packets and only stores traffic associated with security alerts, discarding unassociated packets. The device also supports feeds from multiple sources simultaneously. Savvius Vigil captures the critical packets that led up to the alert being triggered, from up to 5 minutes before the alert, showing the original cause of a potential breach. You can also configure Savvius Vigil to store all packets based on specified IPs, ports or protocols, all the time, to provide insight into attacks that IDS/IPS solutions miss. And if you suspect an attack is ongoing, you can initiate a full packet capture with a single click, including up to 5 minutes of packet history.
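
The alert-triggered retention described above, as an added example that is not Savvius code: a rolling buffer holds recent packets, an alert moves matching traffic from the previous 5 minutes into storage, and unassociated packets age out. Matching on a single alerted IP, the 60-second post-alert window and all names are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass

PRE_ALERT_SECONDS = 300   # "up to 5 minutes before the alert", per the page
POST_ALERT_SECONDS = 60   # assumption: the page states no post-alert window

@dataclass(frozen=True)
class Packet:
    ts: float   # capture time in seconds
    src: str
    dst: str

class AlertTriggeredCapture:
    def __init__(self):
        self.history = deque()   # rolling pre-alert buffer, oldest first
        self.watch = {}          # alerted IP -> keep traffic until this time
        self.retained = []       # packets stored for investigation

    def on_packet(self, pkt):
        if any(self.watch.get(ip, -1.0) >= pkt.ts for ip in (pkt.src, pkt.dst)):
            self.retained.append(pkt)          # tied to a live alert: store
        else:
            self.history.append(pkt)           # not yet associated: hold
        cutoff = pkt.ts - PRE_ALERT_SECONDS
        while self.history and self.history[0].ts < cutoff:
            self.history.popleft()             # aged out unassociated: discard

    def on_alert(self, alert_ts, ip):
        start, held = alert_ts - PRE_ALERT_SECONDS, deque()
        for pkt in self.history:
            if ip in (pkt.src, pkt.dst) and pkt.ts >= start:
                self.retained.append(pkt)      # lead-up traffic for this alert
            else:
                held.append(pkt)
        self.history = held
        self.watch[ip] = max(self.watch.get(ip, 0.0), alert_ts + POST_ALERT_SECONDS)

def demo():
    # Constructed sample traffic using documentation address ranges.
    cap = AlertTriggeredCapture()
    a, v, o = "198.51.100.7", "192.0.2.10", "203.0.113.5"
    for ts, src, dst in [(0, a, v), (150, a, v), (200, o, v), (390, v, a)]:
        cap.on_packet(Packet(ts, src, dst))
    cap.on_alert(400, a)                       # constructed IDS alert on host a
    for ts, src, dst in [(430, a, v), (500, a, v), (510, o, v)]:
        cap.on_packet(Packet(ts, src, dst))
    return sorted(cap.retained, key=lambda p: p.ts)

if __name__ == "__main__":
    print([p.ts for p in demo()])
```

The packet at t=0 is dropped because it is more than 5 minutes older than the alert, and the packet at t=500 is not stored because the assumed post-alert window has closed.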

Savvius Vigil integrates with major IDS/IPS solutions, including:

  • Cisco
  • Sophos Cyberoam
  • Gigamon
  • Suricata
  • HP Enterprise
  • IBM
  • IXIA
  • Lancope
  • Palo Alto Networks
  • Snort
