Provides Security Professionals with Unrivaled Insight to Quickly Identify Attacker Activity

SAN DIEGO, March 23, 2017. PacketSled, the Incident Response (IR) platform of choice for security experts, announced the release of its network visibility solution targeted at incident responders. The PacketSled IR platform enables incident and breach response teams to quickly identify attacker activity by monitoring network traffic, enriching threat context, and performing sophisticated analytics based on advanced protocol analysis gathered from the network.
The PacketSled platform weaponizes network visibility from deep packet inspection, protocol dissection, ensemble detection methods, and behavioral analysis with a visualization engine that provides first responders with an intuitive and efficient view of network activity. This capability combined with expert system automation and the ease of sensor implementation is critically valuable to incident responders.
According to PacketSled CEO Fred Wilmot, the sensor technology in the new IR platform can be installed in minutes, and there is no need to ship expensive and bulky appliances to engagements. “We set out to build a flexible network visibility platform that incident responders can deploy anywhere quickly. Today, we are enabling first responders with that capability, shortening the gap between compromise detection and response and magnifying their capabilities in minutes,” said Wilmot.
“PacketSled provides IR investigators with the ability to monitor suspicious traffic by creating individual cases within it. It also provides the ability to trigger specific packet captures if suspicious traffic is starting and stopping, as is often the case with malware,” said David Biser, Manager of the Critical Incident Response Team at NTT Security. “Rather than ‘speaking’ continually, most malware will be silent until it is time to ‘phone home.’ If identified, you can enable PacketSled to conduct a packet capture of specific traffic that frees an investigator to continue to investigate other suspicious events. We have found the new platform from PacketSled to be a tremendous asset for the work that we do.”

The PacketSled IR platform is not just extensible for IR tool chain integration; it is flexible in deployment options as well. Most incident response teams will take advantage of the PacketSled Cloud platform. However, for cloud-averse, security-restricted or classified environments, PacketSled provides a portable platform that can be shipped anywhere around the world.
In addition to fast and easy sensor deployment, IR teams can track and manage incident behavior through PacketSled Case Manager. Once IR teams find an attack behavior, responders can persist that logic through PacketSled’s Incident Response Expert System (IRES). IRES allows responders to add network indicators of compromise (IOCs), behaviors, conditions and patterns with a few mouse clicks, leveraging MITRE’s ATT&CK framework. The Sensor Management Framework also allows responders to add custom intelligence feeds, including STIX objects for known campaign activity.
“If PacketSled were being utilized on the network prior to an incident, it would provide those first responders with the ability to monitor, identify, and record suspicious events and traffic, which would then give the Incident Response analysts a far better ability to quickly identify the issue, mediate it and stop the attack. In one incident, I found what appeared to be a brute force attack. This application was making multiple calls utilizing SMB traffic that looked like an attempt to compromise a password. Once the behavior was identified through PacketSled’s platform, I was able to respond immediately and conduct a packet capture of specific traffic to collect artifacts and free me, as an investigator, to continue to explore other suspicious events,” added David Biser.

PacketSled has seen a rapid rise in the use of its platform by IR teams, security consulting firms, and MSSPs due to the platform’s threat hunting capability. Many of the world’s leading IR consulting firms use PacketSled for identification, response and mitigation in their client base.
For more information on PacketSled’s IR Platform, visit www.packetsled.com.
About PacketSled

PacketSled, the Incident Response (IR) platform of choice for security experts, automates incident response by fusing business context, AI, entity enrichment and detection with network visibility. Used for real-time analysis and response, PacketSled’s platform leverages continuous stream monitoring and retrospection to provide network forensics and security analytics. Used by response teams worldwide, security analysts and SOC teams can integrate PacketSled’s deep network context into their playbooks or SIEMs, or use it on its own, to dramatically reduce the investigation time, cost and expertise required to respond to persistent threats, malware, insider attacks, and nation state espionage efforts. The company has been named an innovator in leading publications and by security analysts, including SC Magazine, earning a perfect score in the online fraud group test. PacketSled is headquartered in San Diego, CA, with offices in Seattle, WA. For more information visit https://packetsled.com/.
Lumina Communications for PacketSled