GigaStor does Security Forensics

Network Instruments, a provider of innovative analysis solutions for in-depth network intelligence and continuous availability, announced the release of its GigaStor appliance with integrated security forensics. The comprehensive forensic analysis solution identifies and resolves network, application, and security issues, allowing network and security teams to work together on quick problem resolution.

When troubleshooting enterprise-level networks, engineers from security and network teams often do not have the visibility required to quickly isolate and resolve issues. This can result in time wasted by attempting to replicate the network issue or fighting with other network teams over the cause of the issue.

To facilitate fast problem resolution, Network Instruments expanded the retrospective network analysis capabilities of GigaStor to identify security breaches. GigaStor operates like a security camera, recording everything traversing the network for future analysis. With Security Forensics, GigaStor determines whether a security breach occurred by comparing the historical traffic against a list of thousands of known attacks and anomalies. If a breach is identified, GigaStor provides drill-down analysis to determine the source and time of the occurrence.

"GigaStor dramatically changes the way an enterprise can troubleshoot application and network issues," said Douglas Smith, president of Network Instruments. "GigaStor gives a network team the benefit of 20/20 hindsight in identifying and resolving problems. Having the event recorded, the team is able to see everything unfold as well as run extensive Expert analysis on the historical data, which improves their accuracy and speed in diagnosing the underlying network problem. The addition of over 8,000 security experts to GigaStor will now change the way security teams investigate and resolve breaches on their networks."

The unique and comprehensive forensic capabilities of GigaStor offer several advantages over conventional analyzers including:

Viewing security breaches in the context of what else happened on the network Validating and providing evidence for compliance and security issues Going back in time to diagnose and locate the source of zero-day attacks Breaking down the silos of IT departments (network and security teams) through quick problem identification

Data Stream Reconstruction

Complementing GigaStor's forensics is its ability to reconstruct captured packet-level information into complete data streams. This capability allows GigaStor to reconstruct network communications, including web pages (including images), instant messaging texts, e-mails, and VoIP calls. With the latest release of Observer, GigaStor can now reconstruct any file sent over an HTTP stream, such as confidential spreadsheets sent by a web-mail account. Data stream reconstruction can be important for investigating a security breach or gathering detailed evidence of a network policy violation.