SPECTRAMI - EMEA Value Added Distributor for Security, Network Visibility, and Performance Monitoring Solutions

How to improve Application and Data Integrity

Chances are that your organization has already made significant investments in setting up security-related Incident Response processes and the accompanying monitoring systems:
    • Web application firewalls and other types of firewall to ensure that only well-known, trusted application traffic passes.
    • SIEM systems such as Splunk, or its open-source counterpart Elasticsearch (combined with Logstash and Kibana), to monitor the content of log files.
    • An Intrusion Detection System (IDS) to detect anomalous application traffic once it is past the firewall.
    • An Intrusion Prevention System (IPS) to detect and, optionally, clean up anomalous application traffic once it is past the firewall and before it is forwarded to its final destination.
These security systems rely partly on a signature database and partly on machine-learning-driven detection methods. Machine learning enables these systems to distinguish between "good" and "bad" application traffic even when no matching signature exists in the database.

Selectively storing and analyzing packets

These types of monitoring systems draw on different data sources. One of these data sources is the network and its packets. The strength of network packets is that they always contain the ground truth of what is happening with an application and its data. The drawback is that storing and processing a large volume of packets is very expensive and even more time-consuming. It would be more than welcome to have "something" that captures and stores only the packets belonging to a suspicious application flow as identified by an IDS/IPS type of monitoring system, ideally completed with the packets shortly before and after the suspicious ones!

This is exactly what Vigil (from Savvius) is built for! The complementary Omnipeek Security Forensic Packet Analyzer supports you in quickly analyzing the retained packets, for example to determine to what extent the integrity of an application and its data is not what it should be.

How this helps you and your organization

By automating the data collection and speeding up the analysis, you and your organization are well positioned to meet the compliance requirement of reporting a security breach within 2 days. Not only that: you can already start corrective actions well within those 2 days!

How the integration is accomplished

The integration is based on syslog messages forwarded by an existing IDS/IPS system. These syslog messages contain the IP addresses needed for an effective and efficient packet capture filter. A new alert is then forwarded to the Incident Response System, enriched with a link to the PCAP file that contains the related, suspicious network packets.

With this approach, the impact on existing IDS/IPS systems ranges from limited to none: apart from adding a new forwarding address for a selected subset of syslog messages, no configuration changes are needed.
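As an added illustration of the integration step described above (not Savvius or Spectrami code), the following parses Snort/Suricata-style syslog alert lines, turns each one into a bidirectional BPF filter for the reported 5-tuple plus a before/after capture window, and attaches a PCAP reference. The sample syslog lines, SIDs, addresses and the PCAP path layout are constructed assumptions for the example only.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines in the Snort-style alert layout (placeholder SIDs, RFC 5737 addresses).
SAMPLE_SYSLOG = [
    "Mar 14 10:22:41 sensor1 snort[2451]: [1:1000001:1] LOCAL suspicious response "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:49152",
    "Mar 14 10:22:43 sensor1 suricata[880]: [1:1000002:1] LOCAL odd UDP service "
    "[Classification: Misc activity] [Priority: 3] {UDP} 203.0.113.7:3478 -> 198.51.100.9:51000",
    "Mar 14 10:22:44 sensor1 sshd[900]: Accepted publickey for ops from 198.51.100.20 port 50022",
]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ (?:snort|suricata)\[\d+\]: "
    r"\[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?) \[Classification: (?P<cls>[^\]]*)\] "
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    rf"(?P<src>{IPV4}):(?P<sport>\d+) -> (?P<dst>{IPV4}):(?P<dport>\d+)$"
)

def parse_alert(line):
    """Return the alert fields, or None for syslog lines that are not IDS/IPS alerts."""
    m = ALERT_RE.match(line)
    return m.groupdict() if m else None

def bpf_filter(a):
    """BPF expression matching both directions of the reported 5-tuple and nothing else."""
    fwd = f"src host {a['src']} and src port {a['sport']} and dst host {a['dst']} and dst port {a['dport']}"
    rev = f"src host {a['dst']} and src port {a['dport']} and dst host {a['src']} and dst port {a['sport']}"
    return f"{a['proto'].lower()} and (({fwd}) or ({rev}))"

def capture_window(a, year, before=30, after=30):
    """Span to keep: alert time plus context seconds. Syslog timestamps carry no year, so the caller supplies it."""
    t = datetime.strptime(a["ts"], "%b %d %H:%M:%S").replace(year=year)
    return ((t - timedelta(seconds=before)).isoformat(timespec="seconds"),
            (t + timedelta(seconds=after)).isoformat(timespec="seconds"))

def alerts_to_captures(lines, year, before=30, after=30):
    """Enrich each IDS/IPS alert with its filter, window and a PCAP path (path layout is an assumption)."""
    out = []
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue  # not an IDS/IPS alert: nothing to capture for this line
        a["filter"] = bpf_filter(a)
        a["window"] = capture_window(a, year, before, after)
        a["pcap"] = f"/captures/{a['sid'].replace(':', '-')}_{a['window'][0].replace(':', '')}.pcap"
        out.append(a)
    return out
```

Call `alerts_to_captures(SAMPLE_SYSLOG, year=2024)` to see the two enriched alerts; the unrelated sshd line is skipped.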

Taking the Next Step

Talk to us and learn how you can benefit from quickly analyzing the integrity of your business applications and their data.
Interested in this service?
Don't hesitate to call us:
+49 6102 7487-0

Detailed and Real-Time

• Stores all network packets that are classified as suspicious by your IDS/IPS system.
• Supports several months of retrospective analysis thanks to its 96 TBytes of storage.
• Flexible connectivity with several 1-gig and 10-gig Ethernet ports.
• Network packets are stored in PCAP format, so you can use your favorite Wireshark analysis capabilities.
• Includes Omnipeek Security Forensic Analysis, a "Wireshark on steroids" type of Windows application.

Easy Integrations

Savvius Vigil integrates very easily with existing, well-known IDS/IPS solutions such as:
• HP ArcSight
• Cisco | Lancope
• Sophos Cyberoam
• HP Enterprise
• IBM
• IXIA
• Palo Alto Networks
• Snort
• Suricata

Talk to us

+49 6102 748-0