Visibility is key: the industry-wide approach of a handful of prepackaged views is no longer up to the job. Imagine your network is attacked: an intrusion, a botnet infection, or data theft. Imagine that attack remains undiscovered for hours, days, or even weeks. Management needs answers: “How do we stop it? What exactly happened? How do we prevent it from happening again?”
Regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes–Oxley Act (SOX), and the Payment Card Industry Data Security Standards all specify a collection of mandatory privacy and confidentiality standards for data retention and transmission. Many products claim to cover these standards in their broadest scope, all in their own specific manner. But with a virtually unlimited number of possible attack vectors for data leaks, how do you perform a meaningful forensic investigation? FlowTraq helps you quickly and efficiently trace which systems and networks, internal or external, communicated with your critical data containers.
We hear this kind of story from customers all the time; it’s a risky world, and we bet you have your own version. “Where were customer records leaked? How many of our systems are infected with this trojan? When was our database compromised, and from where did the attack originate?”
Network incidents mean downtime, which leads to lost productivity for users dependent on your IT systems. The industry-wide practice of providing your network operators with a handful of prepackaged, “Top N”-style views of your network simply doesn’t give them enough to quickly understand the problem and fix it.
FlowTraq’s flexible view system lets your operators decide exactly how they want to see the data, which means they’ll get you back to business sooner.
When a security incident occurs — and you know that this is a “when” not an “if” — you need to know what happened, to whom, and when. Proper investigation is the only way to determine what remediation needs to be done, and to protect your network from future attacks. Prior to an incident, it’s impossible to know what information will be necessary to execute a thorough investigation. The trouble is, most attacks represent only a tiny part of your regular traffic. Post-incident forensics is the art of studying how exactly needles are hidden in haystacks.
Packet capture systems save every byte that crosses the wire. That sounds like just the ticket, doesn’t it? But there are a lot of bytes crossing that wire, so full-cap systems have realistic retention times of only a few hours even with a vast backing store. If you get to it in time, you have the task of sorting through all the innocuous traffic to get at the incident, filtering out billions of packets to find maybe a dozen. But if you’re alerted to an incident a scant few hours after the fact, which happens all too often even in the best-instrumented networks, your evidence is gone.
Flow-based monitoring makes much more sense. It retains the most pertinent information: who sent how much data to whom, and when. You can afford to retain and retrieve orders of magnitude more flows than full packets, extending your reach back months or years. But most flow-based monitoring-only systems aggregate flow records over time, discarding actual flow records and replacing them with summaries to save time and space. That means that they discard exactly the data you need for post-incident forensics. That’s worse than useless: it leads you to think that you have data that you really don’t. When you go looking for the needle in your haystack, you’ll find that it was averaged and sampled into oblivion.
FlowTraq strikes the right balance between data fidelity and retention. Our custom database is powerful enough to retain and retrieve all records, paving the way for flow analysis that’s unmatched in power and flexibility. By storing flow records instead of packets or aggregations, we retain full-fidelity data that goes back far enough to stage a meaningful forensic investigation.
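The point above, that time-bucketed "Top N" aggregation throws away exactly the records an investigation needs, is easy to see on a small set of constructed flow records. The following is an added illustration, not FlowTraq code and not a description of its database: it assumes a simplified NetFlow-like record tuple, a hypothetical top-n-per-hour summarizer standing in for the aggregation the text describes, and a per-host forensic query over the full records.

```python
"""Added example: full-fidelity flow records versus a Top-N summary.

Not FlowTraq code. Record format, hosts and byte counts are constructed.
"""
from collections import defaultdict

# Constructed flow records: (timestamp_sec, src, dst, dst_port, bytes).
# One hour of a busy web farm talking to the internet, plus a single small
# transfer from the database host to an unfamiliar external address (the
# "needle" an investigator later needs to find).
FLOWS = [
    (0,   "10.0.0.5",  "198.51.100.10", 443,  1_500_000),
    (60,  "10.0.0.5",  "198.51.100.11", 443,  2_200_000),
    (120, "10.0.0.6",  "198.51.100.10", 443,    900_000),
    (180, "10.0.0.7",  "198.51.100.12", 443,  3_000_000),
    (240, "10.0.0.20", "203.0.113.7",   4444,    48_000),  # DB host -> external
    (300, "10.0.0.5",  "198.51.100.13", 443,  1_800_000),
    (360, "10.0.0.8",  "198.51.100.10", 443,  1_200_000),
]
DATABASE_HOST = "10.0.0.20"  # constructed: the "critical data container"


def top_n_summary(flows, n=3, bucket_sec=3600):
    """Aggregate the way many monitoring-only tools do: within each time
    bucket keep only the top-n (src, dst) pairs by bytes and discard the rest.
    Returns {bucket_index: {(src, dst): bytes}}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, _port, nbytes in flows:
        buckets[ts // bucket_sec][(src, dst)] += nbytes
    summary = {}
    for bucket, pairs in buckets.items():
        ranked = sorted(pairs.items(), key=lambda kv: kv[1], reverse=True)
        summary[bucket] = dict(ranked[:n])
    return summary


def pairs_in_summary(summary):
    """All (src, dst) pairs that survived aggregation, across every bucket."""
    return {pair for pairs in summary.values() for pair in pairs}


def flows_touching(flows, host):
    """Forensic query over full-fidelity records: every flow where the host
    is source or destination, regardless of how small it is."""
    return [f for f in flows if host in (f[1], f[2])]


if __name__ == "__main__":
    summary = top_n_summary(FLOWS)
    kept = pairs_in_summary(summary)
    print("pairs retained by Top-3 summary:", sorted(kept))
    print("database host in summary?", any(DATABASE_HOST in p for p in kept))
    for ts, src, dst, port, nbytes in flows_touching(FLOWS, DATABASE_HOST):
        print(f"full records: t={ts}s {src} -> {dst}:{port} {nbytes} bytes")
```

Running it shows the summary retaining only the three largest web transfers; the 48 KB flow from the database host never appears in the aggregate, yet a query over the unaggregated records returns it immediately. The same loss happens with averaging or sampling: any step that replaces individual records with a digest decides in advance which flows are worth keeping, and an incident is rarely among the largest talkers.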
Export Cisco NetFlow datagrams to up to 16 flow collectors using a TAP or SPAN port. ProQSys Flow Exporter captures 100% of the data in an easy-to-deploy way.