Network Security Forensics in the Incident Detection and Response Lifecycle

The Proof is in the Packet

Release Date: 09-Mar-2018
Region: Global
Research Code: K271-01-00-00-00
SKU: IT03628-GL-MR_21672
Format: PDF Download

Price: $3,000.00; special price $2,250.00 (save 25%)

In stock

Description

Network security forensics tools address the heart of the matter in cybersecurity: the proper indexing and correlation of packets. The most noted platforms include RSA NetWitness, Cisco Stealthwatch, Arbor Networks Spectrum, and IBM QRadar. However, companies often do not wish to deploy full packet capture platforms and will instead consider solutions that combine partial packet capture with metadata (PacketSled is one example). Network security forensics tools offer a way to reduce the mean time to detect (MTTD) and mean time to respond (MTTR) to security incidents, and because these tools provide packet-level visibility, they support identification of an incident's root cause.

This network security forensics report is developed in the context of an incident detection and response (IDR) framework. The framework explains the attributes of Detection, Contextual Analysis, Remediation, and Restrictions/Penalties as they apply to cybersecurity technologies in the security operations center (SOC).

Two capture approaches differentiate network security forensics tools from other cybersecurity platforms:

1) Platforms capable of full packet capture (PCAP), or

2) Platforms that use partial packet capture with metadata fields.

Both types of tools are covered in the report, and the pros and cons of each approach are explained in the section Capacity—Partial and Full Packet Capture.

RESEARCH: INFOGRAPHIC

This infographic presents a brief overview of the research and highlights the key topics discussed in it.

Table of Contents

Key Findings
Executive Summary—Key Questions This Study Will Answer
Introduction to the Research
Network Security Forensics—Definitions
Network Security Forensics and Forensic Investigations
Network Security Forensics—Investigating an Alert
Network Security Forensics—Investigating a Breach
Network Security Forensics Origins by Technology Types
Network Security Forensics Origins by Type of Technology (Table)
Drivers and Restraints
Drivers Explained
Restraints Explained
Capacity—Partial and Full Packet Capture
Network Security Forensics Role in IDR
Attributes of Vendor Analysis of Network Security Forensics in IDR
Vendor Analysis of Network Security Forensics in IDR
Notes About the Road Ahead
The Last Word—Predictions
The Last Word—Recommendations
Legal Disclaimer
Vendor Profile—Arbor Networks, the Security Division of NETSCOUT
Vendor Profile—Cisco
Vendor Profile—Corelight
Vendor Profile—CSPi
Vendor Profile—LogRhythm
Vendor Profile—NetFort
Vendor Profile—NIKSUN (Big Data Analytics on Lossless Full Packet Capture)
Vendor Profile—Savvius
Vendor Profile—Symantec
Vendor Profile—VIAVI Solutions
APPENDIX A—What are the Criteria in Multifactor Incident Detection and Response (IDR)
APPENDIX A—Cybersecurity Technology Classes Included in Multifactor IDR
APPENDIX A—Cybersecurity Technology Classes Not Included in Multifactor IDR
APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle
APPENDIX C—Definitions of Common Terms Used in Network Security Forensics
Methodology
The Frost & Sullivan Story
Value Proposition: Future of Your Company & Career
Global Perspective
Industry Convergence
360º Research Perspective
Implementation Excellence
Our Blue Ocean Strategy

More Information

No Index: No
Podcast: No
Author: Christopher Kissel
Industries: Information Technology
WIP Number: K271-01-00-00-00
Is Prebook: No
GPS Codes: 9659, 9705-C1