Security investigators often need packet data from days, weeks, or even months before a breach is discovered. The growing need for storage space becomes much harder to manage as additional networks are tapped, or if the network is running at 10 Gbps or higher speeds. Simple math shows that the storage requirement jumps to 3 PB for 30 days’ worth of data. Naturally, very few companies have the appetite to manage such large volumes of storage capacity, but the longer they are able to keep network traffic, the better.
Savvius Vigil provides the answer. Rather than full packet capture, Savvius Vigil is a selective packet capture system driven by alerts and security incidents. It continuously collects all network packets associated with those alerts, and uses screening algorithms to discard unassociated packets and conserve storage space. This 96 TB device also supports simultaneous feeds from multiple sources, integrating seamlessly with equipment from major vendors such as Cisco, Gigamon, HP Enterprise, IBM, Ixia, Lancope, Palo Alto Networks, Snort, Suricata and more. Savvius Vigil’s intelligent storage methodology enriches the stored information for mining. This selective approach allows security analysts to conduct a deep dive on any suspicious packet data whenever needed, perhaps even months after the incident.