Network Security Forensics & Troubleshooting

Network Security Forensics

NetScout Solution for Network Security Forensics
The NetScout Solution supplements your data security system by enabling:

early detection and diagnosis of security breaches

long-term recall for post-event forensics analysis and reconstruction

quick assessment and pinpointing of potential security issues

Challenges of Existing Security Tools
Network perimeter defenses such as firewalls, network intrusion detection systems (NIDS), intrusion prevention systems (IPS) and anomaly behavior systems are critical first measures of defense, but have limitations that prevent complete protection of today’s complex and dynamic network environments. Such systems are often ineffective against:

Attacks that originate from personal laptops, POP-based email services, flash-based storage devices (e.g., USB drives) or rogue wireless devices

Zero-day attacks or known attacks for which signatures have not been implemented

Unauthorized remote control “zombie” or peer-to-peer software

NetScout Solution Supplements Your Existing Security
The NetScout Solution – nGenius Performance Manager, nGenius Analytics for Flows and nGenius AFMon – supplements your existing security solutions, bridging your network and security operations teams and making them more effective by:

Detecting significant changes in network and application behavior, providing early warning of changes in traffic patterns that may be security breaches or other performance issues.

Diagnosing root cause, enabling speedy restoration of the network to normal operations and reducing mean time to repair (MTTR).

Tracking all applications, conversations and hosts, not just the “Top N” applications or those that exceed a certain threshold of activity to catch low-level intrusions.

Quickly identifying source and destination IP addresses providing the information necessary to contain an attack before it propagates throughout the enterprise.

Accelerating assessment and pinpointing of security issues, given our top-down viewpoint and easily configurable packet decode filtering and on-demand reporting capabilities.

Recording and archiving continuous packet capture trace files, including full packet header and payload details on a 24x7 basis, enabling long-term recall for post-event forensics analysis and reconstruction.

Enabling you to correlate anomalous events discovered by your enterprise security product with observed network traffic behavior.

Network Security Screenshot - Slammer Worm

Click to enlarge.

Right clicking on a peak within Link Usage Over Time screen, supplies a list of All Applications. A network or security manager can easily see substantial, abnormal use of MSSQLMON, a protocol that is rarely used. A packet-level decode quickly shows that a SQL Slammer worm is indeed the source of the abnormal performance.

Related Documents

Enabling Products
To find out more information about NetScout’s Sniffer and nGenius products click on the appropriate category links below:

Network Analysis and Reporting – packet/flow-based analysis software for comprehensive network visibility

Advanced Intelligence – early detection and in-depth analysis of complex or specialized application services

Continuous Packet Capture – long-term packet capture for real-time and retrospective network troubleshooting

Distributed Network Monitoring – robust, versatile monitoring devices for LAN and WAN environments

	Sniffer Products:	NetVigil \| Visualizer \| Administrator Application Intelligence \| Financial Intelligence \| Mobile Intelligence \| MultiSegment Intelligence \| VoIP Intelligence Sniffer InfiniStream \| Sniffer Distributed \| Sniffer Portable

	nGenius® Products:	Performance Manager \| Performance Manager for NetFlow \| Analytics for Flows \| Probes \| NetFlow Collector \| AFMon

	Solutions:	Application Monitoring \| Capacity Planning \| Citrix \| Cisco \| Disaster Recovery \| IP Multicast \| MPLS Networks \| NetFlow Monitoring \| Multimedia Network Performance Management \| Network Troubleshooting \| Packet Analysis \| Performance Analytics \| QoS \| Response Time Virtualization \| VoIP Management \| VPN Networks

	Industries:	Banking \| Energy \| Government \| Health Care \| Insurance \| Manufacturing \| Petroleum Retail \| Life Sciences/Pharmaceutical \| Telecommunications Service Providers

	PDF Library :	White Papers \| Buyer's Guide \| Data Sheets \| Success Stories\| \| Brochures \| All Downloadable Documents

	Partners:	Alliance Partners \| Channel Partners

	Company:	Home \| About Us \| Executive Team \| Directions \| Contact Us \| Career Opportunities NetScout China 中文 \| NetScout India

	News & Events :	Newsroom \| Press Releases \| Events \| Media Coverage \| Analyst Coverage Newsletters \| RSS \| PR Contacts \| Shows & Conferences \| Webinars

	Support:	Home \| Product Registration \| NetScout User Forum

	Training:	Home \| Online Learning Center \| Classroom Training \| NCA Certification \| Live Learning \| Peer Training

		Copyright © 2008 NetScout Systems, Inc. All rights reserved. \| Legal Terms of Use. \| Privacy Policy