Enterprise Networks: Accelerate Incidence Response and Reduce Costs
Large Enterprise Cyber Investigation Team Reduces Analysis Costs and Enhances Forensics Capabilities with Installed Packet Capture System
ISC8’s Cyber NetFalcon® delivers advanced queries spanning months over terabytes of Big Data can be displayed quickly to examine detailed forensic information once malicious activity has been detected. The Cyber NetFalcon® system provides unmatched coverage and long-term tracking of user applications, networks and devices to strengthen cybersecurity operations for enterprises, network operators and government agencies. The system provides a highly scalable architecture that can grow to meet the long term storage needs of the largest networks. Advanced queries spanning months over terabytes of data can be displayed quickly to examine detailed forensic information once malicious activity has been detected. A distributed Cyber NetFalcon system is installed in parallel with the legacy packet capture system in order to extend the research window and increase the coverage of the monitored subnets.
The customer is a large, global financial institution based in the United States. It is under strict regulatory obligations to provide a high-level of cybersecurity protection to their network and the data contained in those networked systems.
Until now the organization have been using a traditional packet capture infrastructure to keep a searchable trail of user activity on their network and to investigate and track potential data security breaches. The client could only afford to deploy coverage for a small part of their network using the traditional packet capture system because it was cost prohibitive to implement a large packet capture storage infrastructure to cover the entire network.
The integration of ISC8’s Cyber NetFalcon system provides a compelling, cost-effective complement to other third-party packet capture systems and offers additional clear benefits to the customer’s cybersecurity team. Cyber NetFalcon allows analysts to be more effective in performing their research duties by extending the available research window (i.e., the historical time window for analysis) while simultaneously reducing the required research time in a typical investigation. Furthermore, the advanced correlation capabilities ensure the information that is extracted is truly actionable rather than simply a raw data dump.
The customer was also able to utilize their current packet capture system much more efficiently due to their ISC8 Cyber NetFalcon deployment. Over the coming 3-year period, this optimization is expected to reduce operational costs associated with the packet capture infrastructure by 40%, and also eliminate a previously planned storage area network (SAN) expansion that will save over $1M. These benefits indicate a clear advantage to any organization looking to optimize their packet capture infrastructure and improve their incidence response (IR).