Some say security teams have all the fun! But hunting for hacks and tracking down bad guys doesn’t have to be limited to traditional security solutions. In fact, the network team already has tools at its disposal that offer additional capabilities above and beyond intrusion detection systems (IDS).
1. Know your “normal” – The majority of network teams use Wireshark in some capacity. It’s free and it is often their first experience with packet analysis. Obviously use of the application varies, but network engineers can develop a keen awareness of what normal traffic patterns look like.
2. Retrospective network analysis – According to the recent Mandiant M-Trends report, the median number of days that attackers were present on a victim’s network before being discovered is still 146 days. That is despite the use of IDS and other traditional security tools. With retrospective analysis and the capture of packets, network teams can rewind to the time of the incident(s) and track exactly what the hackers accessed, leading to faster remediation.
3. Long-term packet capture – For high-traffic enterprise, data center, or security forensics applications, a purpose-built appliance with its own analytics may be the next step. Depending on size and volume, there are appliances that can capture and store up to a petabyte of network traffic for later analysis. Analysts can navigate to the exact moment a problem occurred and see detailed packet-level views before, during, and after the issue. This can eliminate unnecessary finger-pointing between network and application teams and enable fast, accurate issue identification and speedy resolution.
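Points 1 and 2 together describe a baseline-then-rewind workflow: learn what a host normally does, then flag departures from it and pull the capture window around the incident. The script below is an added illustration of that workflow, not code from the original post or from Viavi. It works on constructed flow summaries of the kind Wireshark’s Conversations statistics or a capture appliance can export (timestamp, source, destination, port, bytes); every host, port, volume and the 10x volume threshold is a made-up assumption.

```python
"""Baseline-and-rewind over flow summaries (added illustration; records are constructed)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean


def ts(day, hour):
    """Build a constructed timestamp relative to 5 Dec 2016 (assumed start of capture)."""
    return datetime(2016, 12, 5, tzinfo=timezone.utc) + timedelta(days=day, hours=hour)


# Constructed flow records: (timestamp, src, dst, dport, bytes). Two days of
# "normal" behaviour for workstation 10.0.0.5, then an anomalous third day.
FLOWS = [
    (ts(0, 9),  "10.0.0.5", "10.0.1.20",   53,  300),
    (ts(0, 9),  "10.0.0.5", "10.0.1.10",   443, 12000),
    (ts(0, 14), "10.0.0.5", "10.0.1.10",   443, 15000),
    (ts(1, 9),  "10.0.0.5", "10.0.1.20",   53,  280),
    (ts(1, 10), "10.0.0.5", "10.0.1.10",   443, 11000),
    (ts(1, 16), "10.0.0.5", "10.0.1.10",   443, 14000),
    # Day 2 (constructed anomaly): a never-seen internal SMB peer at 02:00,
    # then a large transfer to an external address at 03:00.
    (ts(2, 2),  "10.0.0.5", "10.0.1.30",   445, 52_000_000),
    (ts(2, 3),  "10.0.0.5", "203.0.113.7", 443, 48_000_000),
    (ts(2, 9),  "10.0.0.5", "10.0.1.10",   443, 13000),
]


def build_baseline(flows, until):
    """Point 1, 'know your normal': per source host, the peers it talked to and
    its mean flow size, using only flows before `until`."""
    raw = defaultdict(lambda: {"peers": set(), "bytes": []})
    for t, src, dst, dport, nbytes in flows:
        if t < until:
            raw[src]["peers"].add((dst, dport))
            raw[src]["bytes"].append(nbytes)
    return {src: {"peers": v["peers"], "mean_bytes": mean(v["bytes"])}
            for src, v in raw.items()}


def find_deviations(flows, baseline, since, factor=10):
    """Flag flows at or after `since` that contact a peer absent from the
    baseline or exceed `factor` times the host's mean flow size (assumed threshold)."""
    hits = []
    for flow in flows:
        t, src, dst, dport, nbytes = flow
        if t < since:
            continue
        norm = baseline.get(src)
        reasons = []
        if norm is None:
            reasons.append("source host not in baseline")
        else:
            if (dst, dport) not in norm["peers"]:
                reasons.append("new peer %s:%d" % (dst, dport))
            if nbytes > factor * norm["mean_bytes"]:
                reasons.append("volume %dx above mean" % int(nbytes // norm["mean_bytes"]))
        if reasons:
            hits.append((flow, reasons))
    return hits


def rewind(flows, host, start, end):
    """Point 2, retrospective analysis: everything `host` touched in [start, end),
    in time order, so an analyst can see what was accessed around the incident."""
    window = [f for f in flows if f[1] == host and start <= f[0] < end]
    return sorted(window, key=lambda f: f[0])


if __name__ == "__main__":
    baseline = build_baseline(FLOWS, until=ts(2, 0))
    for flow, reasons in find_deviations(FLOWS, baseline, since=ts(2, 0)):
        print(flow[0].isoformat(), flow[1], "->", "%s:%d" % (flow[2], flow[3]), reasons)
    for flow in rewind(FLOWS, "10.0.0.5", ts(2, 0), ts(2, 8)):
        print("rewind:", flow)
```

The baseline is deliberately cut off at the start of day 2 so the anomalous flows do not contaminate the notion of normal; in practice the cut-off is the earliest time the incident could plausibly have begun, which is exactly why long retention of captures (point 3) matters.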
The third annual Viavi Solutions Wireshark Week takes place 5th-9th December, 2016 and all this week readers of NCN will be offered exclusive insight to help hone their network troubleshooting skills.