NetScout simplifies network forensics

NetScout Systems announced nGenius Forensic Intelligence, a new analysis module for the nGenius Service Assurance Solution that enables network operations and information security teams to accelerate forensic analysis of network traffic with automated, accurate and contextual session reconstruction and visual replay for security-focused investigations.

Historically, most security investments have been focused on perimeter defense. In the face of an evolving threat landscape, the borderless nature of networks and the dramatic increase in security incidents, enterprises are now tuning their security strategies toward more data-centric approaches that strengthen their post-incident forensic analysis capabilities.

However, even with today’s network forensic tools, the ability to swiftly investigate security incidents by reconstructing and analyzing network activity has proven difficult and complicated.

Analyzing raw packets by hand is a valuable approach, but it requires deep expertise and packet-analysis literacy, and investigators end up spending more time stitching together bits and pieces of network traffic than actually analyzing the incident, which steals time from an urgent investigation.

nGenius Forensic Intelligence removes the complexity of network forensic analysis by delivering contextual visualization of IP communication sessions: a targeted session is automatically reconstructed and replayed visually in context, so an incident investigator can see exactly what the user saw.

As historical packet data is analyzed, a chronological list of network activity is displayed. The incident investigator can replay individual events, or all events sequentially in precise chronological order with a point-and-click action.

The self-contained network forensic analysis module supports both IPv4 and IPv6 traffic and can reconstruct and replay hundreds of IP-based services and applications, including web services, e-mail, social media, and voice and video sessions. A simple and logical workflow enables a wide range of technical and non-technical users across IT operations teams to rapidly investigate targeted activities, users, or specific networked resources.

Filtering and searching capabilities streamline investigations, enabling the incident investigator to focus on specific activities, thus simplifying cyber investigations and speeding time to knowledge.
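The reconstruction and replay workflow described above, reduced to its essentials as an added example that is not NetScout's code and makes no claim about how nGenius implements it: constructed TCP segments are grouped into sessions, each direction's byte stream is rebuilt by sequence number (repairing out-of-order delivery, dropping a retransmission and flagging a gap so the analyst knows the stream is incomplete), and a chronological, host-filtered event list is produced. The names `Packet`, `group_sessions`, `reassemble`, `reconstruct_session` and `timeline` are chosen here, and the sample addresses and payloads are constructed, not captured traffic.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """One decoded TCP segment: capture time, endpoints, sequence number, payload."""
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes


Endpoint = Tuple[str, int]
SessionKey = Tuple[Endpoint, Endpoint]

# Constructed sample capture (not real traffic). Arrival order is deliberately
# imperfect: the HTTP body arrives before the header segment that precedes it,
# and that header segment is then retransmitted.
SAMPLE_PACKETS: List[Packet] = [
    Packet(10.000, "10.0.0.5", 51000, "203.0.113.10", 80, 1, b"GET /index.html HTTP/1.1\r\n"),
    Packet(10.001, "10.0.0.5", 51000, "203.0.113.10", 80, 27, b"Host: example.test\r\n\r\n"),
    Packet(10.005, "203.0.113.10", 80, "10.0.0.5", 51000, 1, b"HTTP/1.1 200 OK\r\n"),
    Packet(10.012, "203.0.113.10", 80, "10.0.0.5", 51000, 40, b"<html>hello</html>"),
    Packet(10.015, "203.0.113.10", 80, "10.0.0.5", 51000, 18, b"Content-Length: 18\r\n\r\n"),
    Packet(10.016, "203.0.113.10", 80, "10.0.0.5", 51000, 18, b"Content-Length: 18\r\n\r\n"),
    Packet(12.000, "10.0.0.7", 40222, "198.51.100.9", 25, 1, b"EHLO client.test\r\n"),
    Packet(12.030, "198.51.100.9", 25, "10.0.0.7", 40222, 1, b"250 mail.test\r\n"),
]


def session_key(p: Packet) -> SessionKey:
    """Direction-independent key so both halves of a conversation group together."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


def group_sessions(packets: List[Packet]) -> Dict[SessionKey, List[Packet]]:
    """Split a capture into conversations, each kept in capture (time) order."""
    sessions: Dict[SessionKey, List[Packet]] = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        sessions[session_key(p)].append(p)
    return dict(sessions)


def reassemble(segments: List[Packet]) -> Tuple[bytes, int]:
    """Rebuild one direction's byte stream from its segments.

    Segments are ordered by sequence number rather than arrival time, which
    repairs out-of-order delivery. Data already seen (a retransmission or an
    overlap) is dropped; a jump past the expected sequence number is counted
    as a gap (lost packet) so the caller knows the stream is incomplete.
    """
    out = bytearray()
    gaps = 0
    expected: Optional[int] = None
    for seg in sorted(segments, key=lambda s: s.seq):
        if expected is None:
            expected = seg.seq
        if seg.seq < expected:            # retransmitted or overlapping bytes
            overlap = expected - seg.seq
            if overlap >= len(seg.payload):
                continue                  # nothing new in this segment
            data = seg.payload[overlap:]
        else:
            if seg.seq > expected:        # missing segment(s) before this one
                gaps += 1
            data = seg.payload
        out += data
        expected = seg.seq + len(seg.payload)
    return bytes(out), gaps


def reconstruct_session(packets: List[Packet]) -> Dict[str, object]:
    """Reassemble both directions; the endpoint that spoke first is the client."""
    client = (packets[0].src, packets[0].sport)
    c2s = [p for p in packets if (p.src, p.sport) == client]
    s2c = [p for p in packets if (p.src, p.sport) != client]
    request, req_gaps = reassemble(c2s)
    response, resp_gaps = reassemble(s2c)
    return {
        "client": client,
        "server": (packets[0].dst, packets[0].dport),
        "start": packets[0].ts,
        "end": packets[-1].ts,
        "request": request,
        "response": response,
        "gaps": req_gaps + resp_gaps,
    }


def timeline(packets: List[Packet], host: Optional[str] = None) -> List[str]:
    """Chronological event list, optionally narrowed to one host of interest."""
    events = []
    for p in sorted(packets, key=lambda p: p.ts):
        if host and host not in (p.src, p.dst):
            continue
        events.append(f"{p.ts:.3f} {p.src}:{p.sport} -> {p.dst}:{p.dport} {len(p.payload)}B")
    return events


if __name__ == "__main__":
    for pkts in group_sessions(SAMPLE_PACKETS).values():
        s = reconstruct_session(pkts)
        print(f"session {s['client']} -> {s['server']} ({s['start']}-{s['end']}s, gaps={s['gaps']})")
        print("  request :", s["request"])
        print("  response:", s["response"])
    print("\n".join(timeline(SAMPLE_PACKETS, host="10.0.0.7")))
```

Grouping by a direction-independent key is what turns a flat packet list into per-session conversations; ordering by sequence number rather than capture time is what makes the replayed content match what the user actually received. A real capture would feed `Packet` records from a pcap decoder, and a production reassembler would also need to handle sequence-number wraparound and TCP flags, which this example leaves out.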

As part of the nGenius Service Assurance Solution, nGenius Forensic Intelligence supports highly complex, distributed network environments by leveraging the always-on monitoring capabilities of the nGenius InfiniStream appliance.

As a source of historical network traffic, the nGenius InfiniStream appliance provides high capacity, continuous packet capture for Gigabit and 10 Gigabit Ethernet links, with secure storage capacities ranging from 1TB to 96TB at a single network monitoring point. This flexibility enables IT organizations to scale data collection from hours to days to weeks to meet a wide range of network forensics requirements.

The recently announced nGenius 1500 series packet flow switch further complements and strengthens network forensic activities by enabling IT teams to dynamically direct traffic from virtually anywhere in the network to an nGenius InfiniStream appliance for on-demand packet capture, facilitating rapid incident response or a targeted investigation.

nGenius Forensic Intelligence provides a highly secure environment with a zero desktop footprint. All reconstructed data is stored on a dedicated secure server to maintain data security, minimize unnecessary network traffic and protect the incident investigator from any reconstructed malware. Role-based access policies protect against unauthorized access to sensitive data and provide a full audit trail of all incident investigator activities.