After an attack or incident, you need full data recall – complete digital evidence to understand what happened, how long it was happening, and what other systems may have been affected.
Only FlowTraq provides full-fidelity forensics with the full digital evidence you need for intra- and post-attack analysis.
FlowTraq uses a custom database powerful enough to retain and retrieve all records, paving the way for flow analysis that’s unmatched in power and flexibility. By storing flow records instead of packets or aggregations, FlowTraq retains full-fidelity data that goes back far enough to stage a meaningful incident response and forensic investigation.
Investigating the traffic that traversed your network often gives a strong clue as to the nature of the issue at hand. Botnet traffic, remote administration tools, and large data transfers to external addresses all provide insight into the nature of the compromise.
Once an incident is discovered, your forensic investigation must answer three key questions:
Your ability to get the answers lies in the difference between full packet capture (full-cap) and full-fidelity flow records.
Although full packet capture gives the ability to look deep inside the packets and find the minute details hidden there, it offers a microscopic view where a macroscopic view is desired. Full-cap often does not have a long enough history to be useful in an investigation, nor is it fast enough for real-time analysis. For example, a network with a saturated 100 Mbit/s uplink to an ISP will fill 12 megabytes per second of full-cap storage. That is 43 gigabytes per hour, and about 1 terabyte per day.
These important questions can only be answered if sufficient traffic history is captured. It is therefore useful to monitor multiple points in the network, and keep full-fidelity data around for weeks or even months. Full-capture cannot scale to this level; only FlowTraq’s full-fidelity flow analytics can.
FlowTraq is designed for full network data recall, and will scale far into the future. Even though network traffic is increasing, the total number of flows per host on your network has remained relatively steady over the years. The reason is that people have a limited ability to consume emails, watch videos, and browse web pages. The content is constantly gaining in resolution, which is driving the rise in required network bandwidth, but the number of communications (and thus network flows) rises only slowly. This allows even smaller organizations to implement network forensics with great accuracy, and without breaking the bank.
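The flow-versus-packet argument above, as an added example that is not FlowTraq's code: a minimal 5-tuple flow aggregator run over a constructed packet trace, comparing the bytes full-cap would store with the bytes flow records need, the full-cap rate for a saturated link, and the kind of "large transfer to an external address" query an investigator asks of the retained records. The 48-byte record size and the addresses are assumptions.

```python
from dataclasses import dataclass

# Constructed sample packet headers (not real traffic):
# (timestamp, src_ip, dst_ip, proto, src_port, dst_port, length_bytes)
PACKETS = (
    [(100.0 + i * 0.01, "10.0.0.5", "203.0.113.9", "tcp", 51000, 443, 1400)
     for i in range(10)]                                   # large outbound transfer
    + [(101.0, "10.0.0.7", "198.51.100.2", "tcp", 52000, 80, 300),
       (101.2, "10.0.0.7", "198.51.100.2", "tcp", 52000, 80, 300),
       (101.3, "198.51.100.2", "10.0.0.7", "tcp", 80, 52000, 1200)]
)

FLOW_RECORD_BYTES = 48   # assumed size of one stored flow record


@dataclass
class Flow:
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0


def aggregate_flows(packets):
    """Collapse packets into unidirectional 5-tuple flow records."""
    flows = {}
    for ts, src, dst, proto, sport, dport, length in packets:
        key = (src, dst, proto, sport, dport)
        flow = flows.get(key)
        if flow is None:
            flows[key] = Flow(ts, ts, 1, length)
        else:
            flow.last_seen = ts
            flow.packets += 1
            flow.octets += length
    return flows


def storage_bytes(packets):
    """Bytes needed to keep full-cap versus flow records for the same traffic."""
    full_cap = sum(p[6] for p in packets)      # pcap framing overhead ignored
    flow_records = len(aggregate_flows(packets)) * FLOW_RECORD_BYTES
    return full_cap, flow_records


def fullcap_bytes_per_second(link_mbps):
    """Full-cap storage rate for a saturated link of link_mbps megabits/s."""
    return link_mbps * 1_000_000 // 8


def large_external_transfers(flows, internal_prefix, min_octets):
    """Flows from internal hosts to outside addresses carrying >= min_octets."""
    return sorted((key, f.octets) for key, f in flows.items()
                  if key[0].startswith(internal_prefix)
                  and not key[1].startswith(internal_prefix)
                  and f.octets >= min_octets)
```

The ratio is what matters: the ten-packet transfer costs full-cap every byte on the wire, while the flow record that answers "who sent how much to whom, and when" stays a fixed size no matter how long the transfer runs.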
Regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes–Oxley Act (SOX), the Federal Information Security Management Act (FISMA), and the Payment Card Industry Data Security Standard (PCI-DSS) all specify mandatory privacy and confidentiality standards for data retention and transmission. Many products claim to cover these standards in their broadest scope, each in its own specific manner, but with a virtually unlimited number of possible attack vectors for data leaks, how do you perform a meaningful forensic investigation? FlowTraq helps you quickly and efficiently trace which systems and networks, internal or external, communicated with your critical data containers.
Request a Free Trial of FlowTraq or Schedule a Live Demo Today.