A Forensic Record of Everything, Ever.
According to the 2013 Verizon Data Breach Investigations Report, 66% of breaches took months or more to discover. Because PacketSled takes a “metadata first” approach, it can retain a record of network activity for far longer than traditional full-packet platforms, giving analysts the history they need to find attacks that were missed when they happened. Scaling to billions of events per day, PacketSled can handle the largest and most complex network environments in the world.
Needle in the Haystack
PacketSled records all network sessions at up to 10Gbps wire speed, extracting mission-critical metadata and files from flows as they are recorded and making that data available for analysis immediately. Interactive data visualizations let analysts drill down rapidly into very large datasets and find the anomalies that represent threats to their organizations.
Selective Packet Capture
Current NBAD (network behavior anomaly detection) and network forensics solutions store everything they collect as full packet captures. Unless customers invest massively in storage, that leaves them with a very short retention window, typically around 30 days. PacketSled starts with metadata generation and captures full packets only where they are useful or required. On average, our solution uses 50X less storage than traditional analysis platforms, so your time and budget go to capabilities, not disks.
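The metadata-first pipeline described in the two sections above (record sessions, extract flow metadata and file indicators as they arrive, keep full packets only where they earn their disk space) as an added example in Python. This is illustrative code written for this page, not PacketSled's implementation: the pcap image, the traffic in it, the retention policy (SMB/RDP destination ports plus a few file magic values) and every function name are assumptions.

```python
"""Metadata-first session recording with selective full-packet retention.

Added example, not PacketSled code: builds a pcap image from constructed
IPv4/TCP frames, reduces it to per-flow metadata, and keeps full packets
only for flows that a hypothetical retention policy marks as worth the disk.
"""
import json
import socket
import struct

# Hypothetical policy: keep full packets for SMB/RDP flows and for flows whose
# first payload bytes look like a transferred executable or document.
RETAIN_PORTS = {445, 3389}
FILE_MAGICS = (b"MZ", b"\x7fELF", b"%PDF")


def build_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Classic little-endian pcap image; frame i is stamped at t=i seconds."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in enumerate(frames):
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap(pcap):
    """Yield (timestamp, frame) for each record after the 24-byte file header."""
    off = 24
    while off + 16 <= len(pcap):
        ts, _usec, incl, _orig = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield ts, pcap[off:off + incl]
        off += incl


def parse_tcp(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    tcp_off = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4
    payload = frame[tcp_off + data_off:14 + total_len]
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
            sport, dport, payload)


def should_retain(flow):
    """Retention decision made from the flow record alone."""
    return flow["dport"] in RETAIN_PORTS or flow["head"].startswith(FILE_MAGICS)


def record(pcap):
    """Reduce a pcap to flow metadata, retaining full frames only for policy hits.

    Returns (flows, retained, stats): flows maps the unidirectional 5-tuple to
    its metadata record, retained maps policy-hit flows to their raw frames,
    and stats compares the on-disk cost of each approach.
    """
    flows, retained = {}, {}
    for ts, frame in iter_pcap(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue  # non-IPv4/TCP frames are out of scope for this example
        src, dst, sport, dport, payload = parsed
        key = (src, dst, sport, dport, "tcp")
        flow = flows.setdefault(key, {
            "src": src, "dst": dst, "sport": sport, "dport": dport, "proto": "tcp",
            "first_ts": ts, "last_ts": ts, "packets": 0, "bytes": 0, "head": b""})
        flow["last_ts"] = ts
        flow["packets"] += 1
        flow["bytes"] += len(frame)
        if not flow["head"] and payload:
            flow["head"] = payload[:8]  # first payload bytes feed the file-magic check
        if should_retain(flow):
            retained.setdefault(key, []).append(frame)
    metadata = [dict(f, head=f["head"].hex()) for f in flows.values()]
    stats = {
        "full_capture_bytes": len(pcap),
        "metadata_bytes": len(json.dumps(metadata).encode()),
        "retained_packet_bytes": sum(len(fr) for frs in retained.values() for fr in frs),
    }
    return flows, retained, stats


def sample_pcap():
    """Constructed traffic: a TLS session, an SMB request, and an HTTP response
    whose body segment begins with a PE header."""
    return build_pcap([
        build_frame("10.0.0.5", "93.184.216.34", 51000, 443, b"\x17\x03\x03" + b"\x00" * 1200),
        build_frame("10.0.0.5", "93.184.216.34", 51000, 443, b"\x17\x03\x03" + b"\x00" * 1200),
        build_frame("10.0.0.5", "10.0.0.9", 51001, 445, b"\x00\x00\x00\x40\xfeSMB" + b"\x00" * 60),
        build_frame("198.51.100.20", "10.0.0.7", 80, 51002, b"MZ\x90\x00" + b"\x00" * 1400),
        build_frame("198.51.100.20", "10.0.0.7", 80, 51002, b"\x00" * 1400),
    ])


if __name__ == "__main__":
    flows, retained, stats = record(sample_pcap())
    for key, flow in flows.items():
        print(key, flow["packets"], "pkts", "RETAINED" if key in retained else "metadata only")
    print(stats)
```

Running it shows the TLS session surviving only as a flow record while the SMB and PE-download flows keep their frames, and the stats dictionary gives the storage comparison that the 50X claim above is about. Two simplifications matter in practice: flows are keyed per direction rather than paired into bidirectional sessions, and the magic-byte check looks only at the first payload bytes of the flow, so a file that starts after protocol headers (an HTTP response, for instance) would need stream reassembly and a file carver before the policy could see it.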
The historical problem with enterprise information security tools is that they can only act on attacks that are already known and well understood. Even once a “zero-day” attack is discovered, a signature must be written by hand before those tools can identify the bad actors and malicious software behind it. Analysts are therefore left reacting, because their tools give them no way to be proactive. PacketSled can identify and alert on security anomalies without the use of traditional signatures.
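One way to alert without signatures, as an added example written for this page and not a description of PacketSled's own detection logic: retained flow metadata from earlier days becomes a per-host baseline, and a flow is flagged when it breaks that baseline (a port the host has never used, or a day's outbound volume far above the host's norm), with no rule naming any particular attack. The flow records, hosts, thresholds and function names are all constructed assumptions.

```python
"""Signature-less anomaly alerting over retained flow metadata.

Added example, not PacketSled's detection logic: builds a per-host baseline
from historical flow records and flags review-window flows that deviate
from it. Records are (day, src, dst, dport, bytes_out), all constructed.
"""
import statistics
from collections import defaultdict

# Days 1-7: routine traffic for three internal hosts (constructed baseline).
BASELINE = (
    [(d, "10.0.0.5", "93.184.216.34", 443, 2_000_000 + 100_000 * (d % 3)) for d in range(1, 8)]
    + [(d, "10.0.0.7", "93.184.216.34", 443, 900_000 + 50_000 * (d % 4)) for d in range(1, 8)]
    + [(d, "10.0.0.5", "10.0.0.9", 445, 300_000) for d in range(1, 8)]
)

# Day 8: the window under review (constructed). Two flows are anomalous.
REVIEW = [
    (8, "10.0.0.5", "93.184.216.34", 443, 2_100_000),
    (8, "10.0.0.5", "10.0.0.9", 445, 310_000),
    (8, "10.0.0.5", "203.0.113.44", 4444, 48_000),     # port never used by this host
    (8, "10.0.0.7", "93.184.216.34", 443, 41_000_000),  # ~40x this host's daily norm
]


def build_baseline(records):
    """Per-host set of destination ports seen and per-host daily byte totals."""
    ports = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for day, src, _dst, dport, nbytes in records:
        ports[src].add(dport)
        daily[src][day] += nbytes
    return ports, daily


def detect(baseline, review, sigma=3.0):
    """Return alerts for review-window flows that deviate from the baseline.

    Alert kinds: ("new_host", src) for a source with no history at all,
    ("new_port", src, dst, dport) for a first-ever destination port, and
    ("volume", src, total) when the day's outbound total exceeds
    mean + sigma * stdev of the host's own history.
    """
    ports, daily = build_baseline(baseline)
    alerts, totals = [], defaultdict(int)
    for _day, src, dst, dport, nbytes in review:
        totals[src] += nbytes
        if src not in ports:
            alerts.append(("new_host", src))
        elif dport not in ports[src]:
            alerts.append(("new_port", src, dst, dport))
    for src, total in totals.items():
        series = list(daily[src].values())
        if len(series) < 2:
            continue  # not enough history to say what "normal" is
        mean, sd = statistics.mean(series), statistics.pstdev(series)
        if total > mean + sigma * max(sd, 1):  # guard against a flat baseline
            alerts.append(("volume", src, total))
    return alerts


if __name__ == "__main__":
    for alert in detect(BASELINE, REVIEW):
        print(alert)
```

The detector knows nothing about reverse shells or exfiltration tools; it only knows what each host did last week, which is exactly the history that short packet-retention windows throw away. In a real deployment the baseline would be longer, weekday and weekend profiles would be kept separately, and the volume threshold would be tuned per host class to keep the alert rate manageable.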