Problems

Security investigators often need packet data from days, weeks, or even months before a breach is discovered. The storage requirement becomes exponentially harder to manage as additional networks are tapped, or when the network runs at 10 Gbps or faster. Simple math shows that at 10 Gbps the storage requirement reaches 3 PB for 30 days' worth of data. Naturally, very few companies have the appetite to manage such large volumes of storage capacity, but the longer they can retain network traffic, the better.

How do I store forensically useful network data when I have an active network?

How do I economically store months worth of packet data?

Solution

Savvius Vigil provides the answer. Rather than capturing every packet, Savvius Vigil is a selective packet capture system driven by alerts and security incidents. It continuously collects all network packets associated with those alerts and uses screening algorithms to discard unassociated packets, conserving storage space. This 96 TB device also supports simultaneous feeds from multiple sources, integrating with equipment from major vendors such as Cisco, Gigamon, HP Enterprise, IBM, Ixia, Lancope, Palo Alto Networks, Snort, Suricata and more. Savvius Vigil's intelligent storage methodology enriches the stored information for later mining. This selective approach lets security analysts conduct a deep dive on any suspicious packet data whenever needed, perhaps even months after the incident.
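The alert-driven screening described above, as an added illustration that is not Savvius code and does not describe how Vigil is implemented: packets are kept only when they belong to a flow named by an alert and fall inside a time window around that alert, and the rest are discarded. The record layouts, the window sizes and the sample traffic are all constructed for this example.

```python
from collections import namedtuple

# Hypothetical minimal records (constructed for this example): a timestamped
# 5-tuple for alerts, the same plus wire size for packets.
Alert = namedtuple("Alert", "ts src dst sport dport proto")
Packet = namedtuple("Packet", "ts src dst sport dport proto size")

def flow_key(rec):
    """Direction-independent flow key so both halves of a conversation match."""
    ends = sorted([(rec.src, rec.sport), (rec.dst, rec.dport)])
    return (rec.proto, ends[0], ends[1])

def select_packets(packets, alerts, before=60.0, after=300.0):
    """Keep only packets on a flow named by some alert and timestamped within
    [alert.ts - before, alert.ts + after]; everything else is screened out."""
    windows = {}
    for al in alerts:
        windows.setdefault(flow_key(al), []).append((al.ts - before, al.ts + after))
    kept = []
    for p in packets:
        if any(lo <= p.ts <= hi for lo, hi in windows.get(flow_key(p), ())):
            kept.append(p)
    return kept

def bytes_retained(packets, kept):
    """(bytes kept, bytes seen) so the storage saving can be quantified."""
    return sum(p.size for p in kept), sum(p.size for p in packets)

# Constructed sample traffic, not a real capture: an alerted flow (both
# directions), an unrelated flow, and a late packet on the alerted flow.
PACKETS = [
    Packet(1000.0, "10.0.0.5", "203.0.113.9", 51000, 443, "tcp", 1500),
    Packet(1001.0, "203.0.113.9", "10.0.0.5", 443, 51000, "tcp", 1500),  # reply
    Packet(1002.0, "10.0.0.7", "198.51.100.2", 52000, 80, "tcp", 1500),  # unrelated
    Packet(1500.0, "10.0.0.5", "203.0.113.9", 51000, 443, "tcp", 1500),  # outside window
]
ALERTS = [Alert(1010.0, "10.0.0.5", "203.0.113.9", 51000, 443, "tcp")]

if __name__ == "__main__":
    kept = select_packets(PACKETS, ALERTS)
    print(bytes_retained(PACKETS, kept))  # (3000, 6000)
```

This batch version assumes the packets are already buffered; a live system needs a short ring buffer so that traffic from before the alert fires is still available when the `before` window is applied.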