nGenius Forensic Intelligence - NetScout
<strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong><br />
Purpose-built, Comprehensive Network <strong>Forensic</strong> Analysis Module for the <strong>nGenius</strong> Service Assurance Solution<br />
Why Consider <strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong>?<br />
<strong>nGenius</strong> ® <strong>Forensic</strong> <strong>Intelligence</strong> helps organizations<br />
conduct targeted investigations of suspicious network<br />
activity by offering unparalleled visibility into the content of<br />
IP traffic. For security investigations – whether it pertains<br />
to a breach by hackers or malware, or internal fraud<br />
investigations – having access to the actual content of<br />
IP traffic and being able to automatically reconstruct and<br />
replay network activity will accelerate time to knowledge.<br />
By leveraging the same data source used in <strong>nGenius</strong><br />
Service Assurance Solution, organizations can leverage<br />
their existing investments in <strong>nGenius</strong> InfiniStream ®<br />
appliances to add an extremely powerful and scalable<br />
traffic capture capability for security-related network<br />
forensic analysis.<br />
<strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong> provides an unprecedented<br />
level of visibility into the content of Internet communications<br />
by automating the reconstruction of captured network traffic<br />
up to the application layer. Combined with an intuitive and<br />
easy-to-use graphical user interface and powerful filtering<br />
capabilities, investigators can zoom in on the source of<br />
the breach and gain context into specific targeted activity.<br />
<strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong> will be able to reconstruct<br />
and provide a high definition visual replay with point-and-click<br />
analysis for most common Internet communications<br />
including email, social media, chat, Web, voice and video.<br />
Figure 1: <strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong> delivers clear contextual insights into network activity for security forensic<br />
investigation and incident response.<br />
[Figure 1 diagram labels: Enterprise, Branch Office, Data Center, Network Perimeter, Users, <strong>nGenius</strong> InfiniStream]<br />
QUICK LOOK<br />
What Challenges Does <strong>nGenius</strong> <strong>Forensic</strong><br />
<strong>Intelligence</strong> Solve?<br />
Businesses today are coming under increasing – and<br />
increasingly sophisticated – attack by hackers and<br />
malware. In addition, fraud is being perpetrated by<br />
increasingly high-tech means. These security threats –<br />
internal and external – have introduced a new reality in<br />
network security – it is no longer a question if a business<br />
will be breached, but rather when.<br />
Coupled with an increasing number of security incidents<br />
and regulatory demands, businesses must gain visibility<br />
into what is happening within their operational domain.<br />
Reacting quickly and decisively to a breach, and being<br />
able to present a clear and concise post-breach analysis<br />
in a timely manner, is now crucial to preserve a business’s<br />
reputation with customers. While traditional network<br />
security approaches have focused mainly on securing<br />
the perimeter, this perimeter is becoming increasingly<br />
porous. Trends like ‘bring your own device’ (BYOD), fueled<br />
by IT consumerization, and an increase in the number of<br />
customer-facing Web services, call for a new focus on<br />
network activity within this perimeter.<br />
<strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong> provides quick time-to-knowledge<br />
for security-related investigations by<br />
providing a simple, contextual and chronologically accurate<br />
representation of targeted network activity. The packet<br />
data for reconstruction of network activity is collected from<br />
widely deployed <strong>nGenius</strong> InfiniStream appliances, enabling<br />
visibility throughout the operational domain. Point-and-click<br />
visualization and replay of targeted network activity make<br />
security forensic analysis easy.
<strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong><br />
<strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong> offers unrivaled automated<br />
reconstruction and visual replay of IP traffic within a<br />
business’s operational domain. Using <strong>nGenius</strong> InfiniStream<br />
appliances as the packet data source, <strong>nGenius</strong> <strong>Forensic</strong><br />
<strong>Intelligence</strong> can combine and reconstruct network activity<br />
with differing parameters to give the user maximum<br />
flexibility to define and analyze the most appropriate and<br />
relevant network activity related to a security investigation.<br />
By presenting this data chronologically for automatic or<br />
manual replay in a user-friendly interface, the packet<br />
data gains valuable context – an important tool when reenacting<br />
the sequence of events leading up to a breach.<br />
<strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong> enables businesses to<br />
discover what, when, where, how and who, about a<br />
security breach.<br />
When stored packets from an <strong>nGenius</strong> InfiniStream<br />
appliance are streamed into <strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong>,<br />
it immediately begins the automated process of session<br />
reconstruction. The self-contained network forensic<br />
analysis module supports both IPv4 and IPv6 traffic and<br />
can reconstruct and replay hundreds of IP-based services<br />
and applications, including Web services, email, social<br />
media, and voice and video sessions. A simple and<br />
logical workflow enables a wide range of technical and<br />
non-technical users across IT operations teams to rapidly<br />
investigate targeted activities, users, or specific networked<br />
resources.<br />
Incident investigators access and analyze reconstructed<br />
content using a Firefox ® Web browser, ensuring a light<br />
client-side footprint, as well as minimizing risk from any<br />
reconstructed malware. By automatically displaying<br />
this content in a chronological view, <strong>nGenius</strong> <strong>Forensic</strong><br />
<strong>Intelligence</strong> facilitates the recreation of the entire activity<br />
without the need to manually stitch together different<br />
pieces of information. Like the pages of a book –<br />
individually, they’re not very useful, but collect those in the<br />
right order to capture the whole story.<br />
For more information, please visit<br />
www.netscout.com or contact <strong>NetScout</strong><br />
at 800-309-4804 or +1 978-614-4000<br />
<strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong> has been architected from<br />
the ground up as a forensically sound solution. This is<br />
illustrated by the consistent use of the original packets for<br />
all the reconstructed activity. <strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong><br />
uses standard and custom-based authentication methods<br />
to allow access to users. It also comes with extensive<br />
logging capabilities, enabling audit of all the user and<br />
administrative activities. The <strong>nGenius</strong> InfiniStream appliance<br />
is a trusted and reliable source for rich and secure<br />
historical network traffic; all communication to and from<br />
InfiniStream is encrypted.<br />
Use Cases<br />
<strong>nGenius</strong> <strong>Forensic</strong> <strong>Intelligence</strong> can be used for a variety of<br />
security analysis and investigation purposes. The following<br />
are three example use cases:<br />
• Incident Analysis - Back-in-time analysis of a specific<br />
Cyber Security incident to identify and analyze<br />
suspected activity to determine and identify entry/exit<br />
path, impact, loss and clean-up actions<br />
• Investigation - Confidently investigate suspected<br />
insider threats, fraudulent activities and suspicious<br />
behaviors<br />
• Data Loss - Identify data and assets that were<br />
compromised, understand who performed which acts<br />
and the methods used to steal the sensitive data<br />
Americas East<br />
310 Littleton Road<br />
Westford, MA 01886-4105<br />
Phone: 978-614-4000<br />
Toll Free: 800-357-7666<br />
Americas West<br />
178 E. Tasman Drive<br />
San Jose, CA 95134<br />
Phone: 408-571-5000<br />
<strong>NetScout</strong> offers sales, support, and services in over 32 countries.<br />
What Are the Benefits to Using <strong>nGenius</strong><br />
<strong>Forensic</strong> <strong>Intelligence</strong>?<br />
• Clear contextual insights into network activity for security<br />
forensic analysis and investigation<br />
• Comprehensive reconstruction of most common IP<br />
communications for total visibility into network activity<br />
• Faster time to knowledge - accelerate response and<br />
resolution into security incidents<br />
• Easily view and analyze reconstructed events with point-and-click<br />
analysis of chronologically displayed content<br />
• Quick identification of a security breach facilitating<br />
mitigation efforts - who, what, when and how?<br />
• Recreate user or malicious activity exactly as it occurred<br />
to get a clear understanding into a security breach<br />
• Ease of deployment – simple plug-and-play operation<br />
• Highly scalable with filtered data from multiple <strong>nGenius</strong><br />
InfiniStream appliances<br />
• Lowers TCO – single data source has a lower operating<br />
expenditure than disparate point data sources<br />
• <strong>Forensic</strong>ally sound, consistent use of the original<br />
packets<br />
• Secure operating environment including role-based<br />
administration and extensive audit logging<br />
Asia Pacific<br />
17F/B<br />
No. 167 Tun Hwa N. Road<br />
Taipei 105, Taiwan<br />
Phone: +886 2 2717 1999<br />
Europe<br />
One Canada Square<br />
29th floor, Canary Wharf<br />
London E14 5DY, United Kingdom<br />
Phone: +44 207 712 1672<br />
Copyright © 2012 <strong>NetScout</strong> Systems, Inc. All rights reserved. <strong>NetScout</strong>, <strong>nGenius</strong>, and InfiniStream are registered trademarks of <strong>NetScout</strong> Systems, Inc. and/or its affiliates in the<br />
United States and/or other countries. All other brands and product names, and registered and unregistered trademarks are the sole property of their respective owners. <strong>NetScout</strong><br />
reserves the right, at its sole discretion, to make changes at any time in its technical information, specifications, and service and support programs. This product is only available<br />
for sale and use in certain countries, regions or legal territories, contact <strong>NetScout</strong> to determine eligibility.<br />
EQL_018-12