Savvius network forensic tools
7 July 2016
Starting out as a network performance and packet inspection specialist, WildPackets found that its products were being used beyond their intended purpose.
With large customers such as Vodafone, RBS and Deutsche Telekom, it was hard to ignore the demand for increasingly security-focused usage, said Larry Zulch, CEO, Savvius.
“We noticed that our customers were using our products increasingly for security applications,” said Zulch, speaking to TechPro.
The company decided to embrace this new direction and to develop specifically the security aspects of its applications and appliances.
This led to the founding of Savvius, said Zulch, as WildPackets no longer signified what the company was doing.
Now Savvius makes network forensic tools for security investigations, including an appliance, which was a first, said Zulch.
“One of the trends we are seeing is moving from exclusive reliance on perimeter and prevention, to including means of detection and incident response,” said Zulch.
This reflects a shift from reliance on the likes of next-generation firewalls to the realisation that breaches and incidents are inevitable, and that a certain amount of forensic evidence is required to know what has actually happened.
Now, malware is increasingly aware of traffic monitoring and the techniques being used to monitor it, so monitoring and analysis have had to take a step forward to keep up, said Zulch. This level of monitoring also requires that the flow of monitoring information be stored for weeks or months, so that the entire pattern of a breach can be examined, not just the aftermath.
Omnipliance is a family of capture appliances that can ingest and store network traffic at up to 20 Gbps for monitoring, forensics, and troubleshooting. OmniPeek software is for understanding and investigating networks, while Savvius Vigil is for intelligently storing weeks and months of network packets useful to security investigations.
Savvius Insight is the newest addition to the Omnipliance family. It connects inline to the network through two bypass ports, and has three extra ports for SPAN-port captures. With the advanced expert system and an extensive array of other visual and interactive analysis features built in, network professionals, IT consultants and Splunk administrators have the same calibre of tools for monitoring smaller networks that they are used to having for the data centre with Omnipliance appliances.
Savvius Insight performs all capture and analysis locally, and does not require that packets be sent over the network. It also enhances Omnipliance deployments by providing more capture points, which the built-in Multi-Segment Analysis features of the Omnipliance can take advantage of.
Savvius Insight ships with OmniPeek Insight, an application with a highly visual and interactive user interface, for interacting with the device. It also supports OmniPeek Connect, Professional and Enterprise, which can be used to work with multiple Savvius Insight devices and Omnipliances at the same time. Savvius Insight creates reports in CSV and PDF formats, and generates native pcap files, which can be opened with other applications such as Wireshark.
Long-term reporting, aggregation, trending, baselining, projections, alerts and so on are provided for Savvius Insight through a Splunk integration. The Savvius Dashboards for the Splunk server are 100% web-based, and can be freely downloaded from Splunkbase.com. The analysis that Savvius Insight devices send to a Splunk server can be correlated with other device data in Splunk for actionable insight and operational intelligence.
Savvius Vigil automates the collection of the network traffic needed for security investigations, both into alerts, where it reduces the likelihood of a breach, and into breaches, where it minimises their impact. Even breaches not discovered for months can be investigated effectively using Vigil, because the packets from that period are still available. Savvius Vigil, which integrates with all leading IDS/IPS systems, includes OmniPeek, Savvius's award-winning network forensics software.
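The two capabilities above, native pcap output and pulling retained packets around an IDS alert, come down to reading the libpcap file format and querying the packets by time and host. The following is an added example written for this page, not Savvius or OmniPeek code: a minimal standard-library pcap reader plus an alert-window lookup. The capture bytes, host addresses, timestamps and the 5-second window are all constructed here for illustration; the Ethernet/IPv4/TCP frames are built with zero checksums, which is fine for a parser test but would not be accepted on a real wire.

```python
"""Index a libpcap capture and pull the packets around an IDS alert.

Added example (not Savvius code). Uses only the standard library and a
capture constructed in memory: libpcap layout is a 24-byte global header,
then per packet a 16-byte record header followed by the raw frame.
"""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4  # microsecond-timestamp libpcap magic


def build_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test data, zero checksums)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    # 20-byte TCP header: data offset 5 words (0x50), flags PSH|ACK (0x18)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(records):
    """records: iterable of (timestamp_float, frame_bytes) -> little-endian pcap bytes."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield (timestamp, frame) from pcap bytes; detects byte order from the magic."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1_000_000, data[off:off + incl_len]
        off += incl_len


def decode(frame):
    """Return (src, dst, sport, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if frame[23] != 6:                     # IP protocol field: 6 = TCP
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    doff = (frame[tcp + 12] >> 4) * 4     # TCP data offset in bytes
    return src, dst, sport, dport, frame[tcp + doff:]


def index_flows(pcap_bytes):
    """Group packets by 5-tuple: {(src, dst, sport, dport): [(ts, payload), ...]}."""
    flows = defaultdict(list)
    for ts, frame in read_pcap(pcap_bytes):
        d = decode(frame)
        if d:
            src, dst, sport, dport, payload = d
            flows[(src, dst, sport, dport)].append((ts, payload))
    return dict(flows)


def packets_around_alert(pcap_bytes, host, alert_ts, window=5.0):
    """Return packets involving `host` within +/- `window` seconds of `alert_ts`.

    This is the query a retained-packet store answers after an IDS fires:
    fetch what the host was doing just before and after the alert.
    """
    hits = []
    for ts, frame in read_pcap(pcap_bytes):
        d = decode(frame)
        if d and host in (d[0], d[1]) and abs(ts - alert_ts) <= window:
            hits.append((ts,) + d)
    return hits


# Constructed capture: an SSH probe at t=100, an HTTP request/response pair
# at t=103.25/103.5, and unrelated traffic at t=200 outside the alert window.
SAMPLE_PCAP = build_pcap([
    (100.0, build_frame("10.0.0.5", "10.0.0.10", 40000, 22)),
    (103.25, build_frame("10.0.0.5", "10.0.0.10", 40001, 80, b"GET /admin HTTP/1.1\r\n")),
    (103.5, build_frame("10.0.0.10", "10.0.0.5", 80, 40001, b"HTTP/1.1 403 Forbidden\r\n")),
    (200.0, build_frame("10.0.0.7", "10.0.0.8", 50000, 443)),
])

if __name__ == "__main__":
    # Hypothetical IDS alert for 10.0.0.10 at t=103.0
    for ts, src, dst, sport, dport, payload in packets_around_alert(SAMPLE_PCAP, "10.0.0.10", 103.0):
        print(f"{ts:.2f} {src}:{sport} -> {dst}:{dport} {payload[:24]!r}")
```

The reader deliberately keys on the magic number rather than trusting the file extension, and it walks records by `incl_len` so a truncated or snaplen-limited capture still parses. On a real appliance export, `SAMPLE_PCAP` would simply be the bytes of the pcap file; the flow index and the alert-window query are unchanged.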
Omnipliance, says Savvius, is the fastest, most reliable range of network appliances available anywhere for packet capture and analysis. The Omnipliance WiFi is, says the maker, the only WLAN analysis and recorder appliance for multi-gigabit 802.11ac Networks. The Omnipliance TL is a powerful network analysis and recorder appliance for 10G/40G networks. The Omnipliance MX is a powerful, efficient network analysis and recorder appliance for 1G/10G networks.
The OmniPeek family of network analysis software is Savvius's solution for monitoring, analysing and troubleshooting networks of all kinds. It has been designed to provide comprehensive visibility into network traffic: local and remote, wired and wireless, and networks of all speeds.