One common weakness in modern forensic investigative solutions is that they only save a record of network activity from after an attack is detected. This can capture the exfiltrated data (which is valuable), but it often does not capture the initial attack, so the entire process can’t be recreated. Tom Rowley, our Security Strategist at Savvius, wrote an article for LoveMyTool that walks through an iFrame attack chain and shows how it can be reconstructed if you have a tool like Savvius Vigil that captures packet data from before the security alert triggers.

Optimizing Network Security With Packet Intelligence

By Tom Rowley

Enterprise security teams devote an incredible amount of resources to monitoring and defending their networks. Everyone knows there are professional-grade tools that can monitor networks 24×7, providing detailed information about usage as well as enabling the in-depth examination of captured traffic once an Intrusion Detection System (IDS) has identified an activity that needs to be investigated.

Read the rest of Tom’s article and see more excellent network management/monitoring tutorials on LoveMyTool.