nGenius Forensic Intelligence - NetScout

nGenius Forensic Intelligence 

Purpose-built, Comprehensive Network Forensic Analysis Module for the nGenius Service Assurance Solution 

Why Consider nGenius Forensic Intelligence? 

nGenius ® Forensic Intelligence helps organizations 

conduct targeted investigations of suspicious network 

activity by offering unparalleled visibility into the content of 

IP traffi c. For security investigations – whether it pertains 

to a breach by hackers or malware, or internal fraud 

investigations – having access to the actual content of 

IP traffi c and being able to automatically reconstruct and 

replay network activity will accelerate time to knowledge. 

By leveraging the same data source used in nGenius 

Service Assurance Solution, organizations can leverage 

their existing investments in nGenius Infi niStream ® 

appliances to add an extremely powerful and scalable 

ENTERPRISE 

nGenius 

InfiniStream 


InfiniStream 

traffi c capture capability for security-related network 

forensic analysis. 

nGenius Forensic Intelligence provides an unprecedented 

level visibility into the content of Internet communications 

by automating the reconstruction of captured network traffi c 

up to the application layer. Combined with an intuitive and 

easy-to-use graphical user interface and powerful fi ltering 

capabilities, investigators can zoom in on the source of 

the breach and gain context into specifi c targeted activity. 

nGenius Forensic Intelligence will be able to reconstruct 

and provide a high defi nition visual replay with point-andclick 

analysis for most common Internet communications 

including email, social media, chat, Web, voice and video. 


InfiniStream 


InfiniStream 

Branch Office 


InfiniStream 

Data Center Network Perimeter Users 

Figure 1: nGenius Forensic Intelligence delivers clear contextual insights into network activity for security forensic 

investigation and incident response. 

QUICK LOOK 

What Challenges Does nGenius Forensic 

Intelligence Solve? 

Businesses today are coming under increasing – and 

increasingly sophisticated – attack by hackers and 

malware. In addition, fraud is being perpetrated by 

increasingly high-tech means. These security threats – 

internal and external – have introduced a new reality in 

network security – it is no longer a question if a business 

will be breached, but rather when. 

Coupled with an increasing number of security incidents 

and regulatory demands, businesses must gain visibility 

into what is happening within their operational domain. 

Reacting quickly and decisively to a breach, and being 

able to present a clear and concise post-breach analysis 

in a timely manner, is now crucial to preserve a business’s 

reputation with customers. While traditional network 

security approaches have focused mainly on securing 

the perimeter, this perimeter is becoming increasingly 

porous. Trends like ‘bring your own device’ (BYOD) fi lled 

by IT consumerization, and an increase in the number of 

customer-facing Web services, calls for a new focus on 

network activity within this perimeter. 

nGenius Forensic Intelligence provides quick timeto-knowledge 

for security-related investigations by 

providing a simple, contextual and chronological accurate 

representation of targeted network activity. The packet 

data for reconstruction of network activity is collected from 

widely deployed nGenius Infi niStream appliances, enabling 

visibility throughout the operational domain. Point-and-click 

visualization and replay of targeted network activity makes 

security forensic analysis easy.

nGenius Forensic Intelligence 

nGenius Forensic Intelligence offers unrivaled automated 

reconstruction and visual replay of IP traffi c within a 

business’s operational domain. Using nGenius Infi niStream 

appliances as the packet data source, nGenius Forensic 

Intelligence can combine and reconstruct network activity 

with differing parameters to give the user maximum 

fl exibility to defi ne and analyze the most appropriate and 

relevant network activity related to a security investigation. 

By presenting this data chronologically for automatic or 

manual replay in a user-friendly interface, the packet 

data gains valuable context – an important tool when reenacting 

the sequence of events leading up to a breach. 

nGenius Forensic Intelligence enables businesses to 

discover what, when, where, how and who, about a 

security breach. 

When stored packets from an nGenius Infi niStream 

appliance are streamed into nGenius Forensic Intelligence, 

it immediately begins the automated process of session 

reconstruction. The self-contained network forensic 

analysis module supports both IPv4 and IPv6 traffi c and 

can reconstruct and replay hundreds of IP-based services 

and applications, including Web services, email, social 

media, and voice and video sessions. A simple and 

logical workfl ow enables a wide range of technical and 

non-technical users across IT operations teams to rapidly 

investigate targeted activities, users, or specifi c networked 

resources. 

Incident investigators access and analyze reconstructed 

content using a Firefox ® Web browser, ensuring light 

client-side footprint, as well as minimizing risk from any 

reconstructed malware. By automatically displaying 

this content in a chronological view, nGenius Forensic 

For more information, please visit 

www.netscout.com or contact NetScout 

at 800-309-4804 or +1 978-614-4000 

Intelligence facilitates the recreation of the entire activity 

without the need to manually stitch together different 

pieces of information. Like the pages of a book – 

individually, they’re not very useful, but collect those in the 

right order to capture the whole story. 

nGenius Forensic Intelligence has been architected from 

the ground up as a forensically sound solution. This is 

illustrated by the consistent use of the original packets for 

all the reconstructed activity. nGenius Forensic Intelligence 

uses standard and custom-based authentication methods 

to allow access to users. It also comes with extensive 

logging capabilities, enabling audit of all the user and 

administrative activities. nGenius Infi niStream appliance 

is a trusted and reliable source for rich and secure 

historical network traffi c, all the communication to and from 

Infi niStream is encrypted. 

Use Cases 

nGenius Forensic Intelligence can be used for variety of 

security analysis and investigation purposes. The following 

are three example use cases: 

• Incident Analysis - Back-in-time analysis of specifi c 

Cyber Security incident to identify and analyze 

suspected activity to determine and identify entry/exit 

path, impact, loss and clean-up actions 

• Investigation - Confi dently investigate suspected 

insider threats, fraudulent activities and suspicious 

behaviors 

• Data Loss - Identify data and assets that were 

compromised, understand who performed which acts 

and the methods used to steal the sensitive data 

Americas East 

310 Littleton Road 

Westford, MA 01886-4105 

Phone: 978-614-4000 

Toll Free: 800-357-7666 

Americas West 

178 E. Tasman Drive 

San Jose, CA 95134 

Phone: 408-571-5000 

NetScout offers sales, support, and services in over 32 countries. 

QUICK LOOK | nGenius Forensic Intelligence 

What Are the Benefi ts to Using nGenius 

Forensic Intelligence? 

• Clear contextual insights into network activity for security 

forensic analysis and investigation 

• Comprehensive reconstruction of most common IP 

communications for total visibility into network activity 

• Faster time to knowledge - accelerate response and 

resolution into security incidents 

• Easily view and analyze reconstructed events with pointand-click 

analysis of chronologically displayed content 

• Quick identifi cation of a security breach facilitating 

mitigation efforts - who, what, when and how? 

• Recreate user or malicious activity exactly as it occurred 

to get a clear understanding into a security breach 

• Ease of deployment – simple plug-and-play operation 

• Highly scalable with fi ltered data from multiple nGenius 

Infi niStream appliances 

• Lowers TCO – single data source has a lower operating 

expenditure than disparate point data sources 

• Forensically sound, consistent use of the original 

packets 

• Secure operating environment including role-based 

administration and extensive audit logging 

Asia Pacifi c 

17F/B 

No. 167 Tun Hwa N. Road 

Taipei 105, Taiwan 

Phone: +886 2 2717 1999 

Europe 

One Canada Square 

29th fl oor, Canary Wharf 

London E14 5DY, United Kingdom 

Phone: +44 207 712 1672 

Copyright © 2012 NetScout Systems, Inc. All rights reserved. NetScout, nGenius, and Infi niStream are registered trademarks of NetScout Systems, Inc. and/or its affi liates in the 

United States and/or other countries. All other brands and product names, and registered and unregistered trademarks are the sole property of their respective owners. NetScout 

reserves the right, at its sole discretion, to make changes at any time in its technical information, specifi cations, and service and support programs. This product is only available 

for sale and use in certain countries, regions or legal territories, contact NetScout to determine eligibility. 

EQL_018-12

nGenius Forensic Intelligence - NetScout

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?