
Full-fidelity Network Forensics

After an attack or incident, you need full data recall – complete digital evidence to understand what happened, how long it was happening, and what other systems may have been affected.

Only FlowTraq provides full-fidelity forensics with the full digital evidence you need for intra- and post-attack analysis.

FlowTraq Strikes the Right Balance Between Data Fidelity and Retention

FlowTraq uses a custom database powerful enough to retain and retrieve all records, paving the way for flow analysis that’s unmatched in power and flexibility. By storing flow records instead of packets or aggregations, FlowTraq retains full-fidelity data that goes back far enough to stage a meaningful incident response and forensic investigation.


The Three Key Questions of Network Forensics

Investigating the traffic that traversed your network often gives a strong clue as to the nature of the issue at hand. Botnet traffic, remote administration tools, and large data transfers to external addresses all provide insight into the nature of the compromise.

Once an incident is discovered, your forensic investigation must answer three key questions:

  1. Where did the network traffic come from?
  2. When did the network traffic start?
  3. Are any other systems affected?

Your ability to get the answers lies in the difference between full-cap and full-fidelity.

Although full packet capture gives the ability to look deep inside the packets and find possible minute details hidden there, it offers a microscopic view where a macroscopic view is desired. Full-cap often does not have a long enough history to be useful in an investigation, nor is it fast enough for real-time analysis. For example, a network with a saturated 100MBit uplink to an ISP will fill 12 megabytes per second of full-cap storage. That is 43 gigabytes per hour, and about 1 terabyte per day.

These important questions can only be answered if sufficient traffic history is captured. It is therefore useful to monitor multiple points in the network, and keep full-fidelity data around for weeks or even months. Full-capture cannot scale to this level; only FlowTraq’s full-fidelity flow analytics can.
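As an added illustration, not FlowTraq code, the following Python snippet runs the three questions above against a handful of constructed flow records for a suspect external address, and shows how a short retention window (the full-cap case) changes the answer; the record layout and addresses are assumptions.

```python
from datetime import datetime

# Constructed sample flow records (hypothetical, not exported from any product):
# (start time, source IP, destination IP, destination port, bytes)
FLOWS = [
    ("2024-03-01T08:02:10", "10.0.0.5",  "203.0.113.9",  443,  1200),
    ("2024-03-01T08:05:44", "10.0.0.5",  "198.51.100.7", 4444, 300),
    ("2024-03-01T09:30:01", "10.0.0.12", "198.51.100.7", 4444, 250),
    ("2024-03-02T22:14:37", "10.0.0.5",  "198.51.100.7", 4444, 900_000_000),
    ("2024-03-03T10:00:00", "10.0.0.30", "203.0.113.9",  443,  5000),
]

def parse(rec):
    ts, src, dst, port, nbytes = rec
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "port": port, "bytes": nbytes}

def investigate(flows, suspect_ip, since=None):
    """Answer the three forensic questions for one suspect external address.

    `since` is the oldest timestamp still retained (ISO string); records older
    than that are invisible, which is what a short packet-capture history looks like.
    """
    cutoff = datetime.fromisoformat(since) if since else None
    hits = [f for f in map(parse, flows)
            if suspect_ip in (f["src"], f["dst"])
            and (cutoff is None or f["ts"] >= cutoff)]
    if not hits:
        return None
    first = min(hits, key=lambda f: f["ts"])
    # Every internal host on the other end of a flow with the suspect address.
    affected = sorted({f["src"] if f["dst"] == suspect_ip else f["dst"] for f in hits})
    return {
        "first_seen": first["ts"].isoformat(),   # 2. when did it start?
        "origin": first["src"],                  # 1. where did it come from?
        "affected_hosts": affected,              # 3. which other systems?
        "bytes": sum(f["bytes"] for f in hits),
    }

if __name__ == "__main__":
    print(investigate(FLOWS, "198.51.100.7"))                      # full history
    print(investigate(FLOWS, "198.51.100.7", since="2024-03-02"))  # one day retained
```

With the full history the first contact and the second affected host are visible; with only one day retained, the investigation sees a single host and a start time that is a day too late.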

FlowTraq was Specifically Designed with Network Forensics in Mind

FlowTraq is designed for full network data recall, and will scale far into the future. Even though network traffic is increasing, the total number of flows per host on your network has remained relatively steady over the years. The reason is that people have a limited ability to consume emails, watch videos, and browse web pages. The content is constantly gaining in resolution, which is driving the rise in required network bandwidth, but the number of communications (and thus network flows) rises only slowly. This allows even smaller organizations to implement network forensics with great accuracy, and without breaking the bank.

Retain Traffic Flow Records for Regulatory Compliance

Regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes–Oxley Act (SOX), the Federal Information Security Management Act (FISMA), and the Payment Card Industry Data Security Standards (PCI-DSS) all specify mandatory privacy and confidentiality standards for data retention and transmission. Many products claim to cover these standards in their broadest scope, all in their own specific manner, but with a virtually unlimited number of possible attack vectors for data leaks, how do you perform a meaningful forensic investigation? FlowTraq helps you quickly and efficiently trace which systems and networks, internal or external, communicated with your critical data containers.

Improve your network forensics capabilities with full-fidelity data recall.

Request a Free Trial of FlowTraq or Schedule a Live Demo Today.