Network Security Forensics in the Incident Detection and Response Lifecycle

Network Security Forensics in the Incident Detection and Response Lifecycle

The Proof is in the Packet

RELEASE DATE
09-Mar-2018
REGION
Global
Deliverable Type
Market Research
Research Code: K271-01-00-00-00
SKU: IT03628-GL-MR_21672
AvailableYesPDF Download

$3,000.00

Special Price $2,250.00 save 25 %

In stock
SKU
IT03628-GL-MR_21672

$3,000.00

$2,250.00save 25 %

DownloadLink
ENQUIRE NOW

Description

Network security forensic tools get to the heart of the matter in cybersecurity and that is the proper indexing and correlation of packets. The most noted platforms include RSA NetWitness, Cisco Stealthwatch, Arbor Networks Spectrum, and IBM QRadar. However, often companies do not wish to use full packet capture platforms; and will consider solutions that have partial packet capture with metadata (PacketSled as an example). network security forensics tools offer a way to reduce the mean-time-to-detect (MTTD), and mean-time-to-respond (MTTR) to security incidents and, because these tools offer packet-level visibility, they find the root-cause of an incident.

This network security forensics report is developed in the context of an IDR framework. The framework explains varying attributes of Detection, Contextual Analysis, Remediation, and Restrictions/Penalties for cybersecurity technologies in the security operations center (SOC).

Two capabilities differentiate network security tools from other cybersecurity platforms:

1) Platforms are capable of full packet capture (PCAP), or

2) Other platforms use partial packet capture with metadata fields. Both types of tools are covered in the report and an explanation about the pros and cons can be found in Capacity Partial and Full Packet Capture.

RESEARCH: INFOGRAPHIC

This infographic presents a brief overview of the research, and highlights the key topics discussed in it.
Click image to view it in full size

Table of Contents

Key Findings

Key Findings (continued)

Executive Summary—Key Questions This Study Will Answer

Introduction to the Research

Introduction to the Research (continued)

Network Security Forensics—Definitions

Network Security Forensics and Forensic Investigations

Network Security Forensics and Forensic Investigations (continued)

Network Security Forensics—Investigating an Alert

Network Security Forensics—Investigating an Alert (continued)

Network Security Forensics—Investigating a Breach

Network Security Forensics Origins by Technology Types

Network Security Forensics Origins by Technology Types (continued)

Network Security Forensics Origins by Technology Types (continued)

Network Security Forensics Origins by Technology Types (continued)

Network Security Forensics Origins by Technology Types (continued)

Network Security Forensics Origins by Technology Types (continued)

Network Security Forensics Origins by Technology Types (continued)

Network Security Forensics Origins by Technology Types (continued)

Network Security Forensics Origins by Technology Types (continued)

Network Security Forensics Origins by Type of Technology (Table) (continued)

Drivers and Restraints

Drivers Explained

Drivers Explained (continued)

Drivers Explained (continued)

Drivers Explained (continued)

Drivers Explained (continued)

Drivers Explained (continued)

Drivers Explained (continued)

Drivers Explained (continued)

Drivers Explained (continued)

Drivers Explained (continued)

Drivers Explained (continued)

Restraints Explained

Restraints Explained (continued)

Restraints Explained (continued)

Restraints Explained (continued)

Restraints Explained (continued)

Restraints Explained (continued)

Restraints Explained (continued)

Restraints Explained (continued)

Restraints Explained (continued)

Restraints Explained (continued)

Restraints Explained (continued)

Restraints Explained (continued)

Capacity—Partial and Full Packet Capture

Capacity—Partial and Full Packet Capture (continued)

Capacity—Partial and Full Packet Capture (continued)

Capacity—Partial and Full Packet Capture (continued)

Network Security Forensics Role in IDR

Network Security Forensics Role in IDR (continued)

Attributes of Vendor Analysis of Network Security Forensics in IDR

Vendor Analysis of Network Security Forensics in IDR

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued) (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Vendor Analysis of Network Security Forensics in IDR (continued)

Notes About the Road Ahead

Notes About the Road Ahead (continued)

The Last Word—Predictions

The Last Word—Recommendations

Legal Disclaimer

Vendor Profile—Arbor Networks, the Security Division of NETSCOUT

Vendor Profile—Arbor Networks, the Security Division of NETSCOUT (continued)

Vendor Profile—Arbor Networks, the Security Division of NETSCOUT (continued)

Vendor Profile—Cisco

Vendor Profile—Cisco (continued)

Vendor Profile—Cisco (continued)

Vendor Profile—Cisco (continued)

Vendor Profile—Corelight

Vendor Profile—Corelight (continued)

Vendor Profile—CSPi

Vendor Profile—CSPi (continued)

Vendor Profile—CSPi (continued)

Vendor Profile—LogRhythm

Vendor Profile—LogRhythm (continued)

Vendor Profile—NetFort

Vendor Profile—NIKSUN (Big Data Analytics on Lossless Full Packet Capture)

Vendor Profile—NIKSUN (continued)

Vendor Profile—Savvius

Vendor Profile—Savvius (continued)

Vendor Profile—Symantec

Vendor Profile—Symantec (continued)

Vendor Profile—Symantec (continued)

Vendor Profile—Symantec (continued)

Vendor Profile—Symantec (continued)

Vendor Profile—Symantec (continued)

Vendor Profile—VIAVI Solutions

Vendor Profile—VIAVI Solutions (continued)

APPENDIX A—What are the Criteria in Multifactor Incident Detection and Response (IDR)

APPENDIX A—Cybersecurity Technology Classes Included in Multifactor IDR

APPENDIX A—Cybersecurity Technology Classes Not Included in Multifactor IDR (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX B—Explaining Individual Attributes of the IDR Lifecycle (continued)

APPENDIX C—Definitions of Common Terms Used in Network Security Forensics

APPENDIX C—Definitions of Common Terms Used in Network Security Forensics (continued)

APPENDIX C—Definitions of Common Terms Used in Network Security Forensics (continued)

APPENDIX C—Definitions of Common Terms Used in Network Security Forensics (continued)

Methodology

The Frost & Sullivan Story

Value Proposition: Future of Your Company & Career

Global Perspective

Industry Convergence

360º Research Perspective

Implementation Excellence

Our Blue Ocean Strategy

Network security forensic tools get to the heart of the matter in cybersecurity and that is the proper indexing and correlation of packets. The most noted platforms include RSA NetWitness, Cisco Stealthwatch, Arbor Networks Spectrum, and IBM QRadar. However, often companies do not wish to use full packet capture platforms; and will consider solutions that have partial packet capture with metadata (PacketSled as an example). network security forensics tools offer a way to reduce the mean-time-to-detect (MTTD), and mean-time-to-respond (MTTR) to security incidents and, because these tools offer packet-level visibility, they find the root-cause of an incident. This network security forensics report is developed in the context of an IDR framework. The framework explains varying attributes of Detection, Contextual Analysis, Remediation, and Restrictions/Penalties for cybersecurity technologies in the security operations center (SOC). Two capabilities differentiate network security tools from other cybersecurity platforms: 1) Platforms are capable of full packet capture (PCAP), or 2) Other platforms use partial packet capture with metadata fields. Both types of tools are covered in the report and an explanation about the pros and cons can be found in Capacity Partial and Full Packet Capture.
More Information
Deliverable Type Market Research
No Index No
Podcast No
Author Christopher Kissel
Industries Information Technology
WIP Number K271-01-00-00-00
Is Prebook No
GPS Codes 9659,9705-C1