+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

Network Security Forensics in the Incident Detection and Response Lifecycle

  • Report
  • 162 Pages
  • March 2018
  • Region: Global
  • Frost & Sullivan
  • ID: 4495402
Description Jump to:

The Proof is in the Packet

Network security forensic tools get to the heart of the matter in cybersecurity and that is the proper indexing and correlation of packets. The most noted platforms include RSA NetWitness, Cisco Stealthwatch, Arbor Networks Spectrum, and IBM QRadar. However, often companies do not wish to use full packet capture platforms; and will consider solutions that have partial packet capture with metadata (PacketSled as an example). network security forensics tools offer a way to reduce the mean-time-to-detect (MTTD), and mean-time-to-respond (MTTR) to security incidents and, because these tools offer packet-level visibility, they find the root-cause of an incident.

This network security forensics report is developed in the context of an IDR framework. The framework explains varying attributes of Detection, Contextual Analysis, Remediation, and Restrictions/Penalties for cybersecurity technologies in the security operations center (SOC).

Two capabilities differentiate network security tools from other cybersecurity platforms:

1) Platforms are capable of full packet capture (PCAP), or

2) Other platforms use partial packet capture with metadata fields. Both types of tools are covered in the report and an explanation about the pros and cons can be found in Capacity Partial and Full Packet Capture.

Table of Contents

1. Executive Summary
  • Key Findings
  • Executive Summary-Key Questions This Study Will Answer


2. Introduction
  • Introduction to the Research


3. Introducing Network Security Forensics
  • Network Security Forensics-Definitions
  • Network Security Forensics and Forensic Investigations
  • Network Security Forensics-Investigating an Alert
  • Network Security Forensics-Investigating a Breach


4. Network Security Forensics Origins by Technology Types
  • Network Security Forensics Origins by Technology Types


5. Drivers and Restraints-Network Security Forensics
  • Drivers and Restraints
  • Drivers Explained
  • Restraints Explained


6. Capacity-Partial and Full Packet Capture
  • Capacity-Partial and Full Packet Capture


7. Network Security Forensics Role in IDR
  • Network Security Forensics Role in IDR
  • Attributes of Vendor Analysis of Network Security Forensics in IDR


8. Vendor Analysis of Network Security Forensics in IDR
  • Vendor Analysis of Network Security Forensics in IDR


9. The Last Word
  • Notes About the Road Ahead
  • The Last Word-Predictions
  • The Last Word-Recommendations
  • Legal Disclaimer


10. Vendor Participation Slides
  • Vendor Profile-Arbor Networks, the Security Division of NETSCOUT
  • Vendor Profile-Cisco
  • Vendor Profile-Corelight
  • Vendor Profile-CSPi
  • Vendor Profile-LogRhythm
  • Vendor Profile-NetFort
  • Vendor Profile-NIKSUN (Big Data Analytics on Lossless Full Packet Capture)
  • Vendor Profile-Savvius
  • Vendor Profile-Symantec
  • Vendor Profile-VIAVI Solutions


11. Appendix
  • Appendix A-What are the Criteria in Multifactor Incident Detection and Response (IDR)
  • Appendix A-Cybersecurity Technology Classes Included in Multifactor IDR
  • Appendix B-Explaining Individual Attributes of the IDR Lifecycle
  • Appendix C-Definitions of Common Terms Used in Network Security Forensics
  • Methodology

Companies Mentioned

A selection of companies mentioned in this report includes:

  • Arbor Networks, the Security Division of NETSCOUT
  • CSPi
  • Cisco
  • Corelight
  • LogRhythm
  • NIKSUN (Big Data Analytics on Lossless Full Packet Capture)
  • NetFort
  • Savvius
  • Symantec
  • VIAVI Solutions

Related Topics

Related Reports

Network Forensics Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2023-2028 - Product Image

Network Forensics Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2023-2028

  • Report
  • 147 Pages
  • Global
From
Network Forensics: Global Strategic Business Report - Product Image

Network Forensics: Global Strategic Business Report

  • Report
  • 163 Pages
  • Global
From
Network Forensics Global Market Report 2022: Ukraine-Russia War Impact - Product Image

Network Forensics Global Market Report 2022: Ukraine-Russia War Impact

  • Report
  • 175 Pages
  • Global
From
Network Forensics Market Research Report by Component (Hardware, Service, and Solution), Deployment Model, Organization Size, Application, Region - Cumulative Impact of COVID-19, Russia Ukraine Conflict, and High Inflation - Global Forecast 2023-2030 - Product Image

Network Forensics Market Research Report by Component (Hardware, Service, and Solution), Deployment Model, Organization Size, Application, Region - Cumulative Impact of COVID-19, Russia Ukraine Conflict, and High Inflation - Global Forecast 2023-2030

  • Report
  • 251 Pages
  • Global
From
DDoS Protection Market - Growth, Trends, COVID-19 Impact, and Forecasts (2022 - 2027) - Product Image

DDoS Protection Market - Growth, Trends, COVID-19 Impact, and Forecasts (2022 - 2027)

  • Report
  • 147 Pages
  • Global
From
Copyright © 2002-2023 Research and Markets. All Rights Reserved.