Search form

Upcoming Webinars

Behind the Scenes: Rocket Lawyer's Secret Sauce for Uninterrupted Digital Legal Services
December 12, 2023

On-Demand Webinars

3 Tips to Supercharge Your Application Tracing
What's New at Catchpoint! Fall 2023 Product Launch Event
Demo of Internet Sonar: From Disruption to Instant Detection
Optimization Without Recommendations: Automating Cost Optimization on Amazon EKS
Harnessing the Power of Generative AI in Retail
Expert Insights: Navigating Outages Like a Pro
What's New in Application Monitoring: Maximizing Operational Efficiency with Enhanced Performance Insights
Preventing Outages: Implement an Internet Performance Monitoring Plan
Don't Get Lost in the Cloud
SOLD IN 6 SECONDS: Formulas to Fast & Friction-Free E-commerce
Supercharge Your IT Resources
Automate and Save Time
Maximize Shareholder Value with Internet Resilience
Building & Monitoring Lighting Fast, Cloud Native Payment Experiences
Getting the Most Out of Elastic Observability & New Features
Preventing Outages: Map Your Internet Stack
The Benefits of Real-Time, Automated Cloud Cost Automation
Maintaining Price and Performance SLAs Across Engineering Teams
May 2023 Product Launch: Learn about Catchpoint's New Capabilities
Automox Virtual Summit 2023
Puzzled by Patching: Solve Endpoint Pains On-Demand
Perfecting the Customer & Employee Digital Experience with TMNAS
Maximize Your Savings: The Journey from On-Premise Hadoop to Amazon EMR
Gaining App-Centric Visibility Into Your IT Infrastructure
Preventing Outages: Monitor What Matters
Data Stack Summit 2023
Risky Business: Implementing a Redundant Networking and Multi-CDN Monitoring Strategy
New Forrester Research Reveals Opportunities for Retail & eCommerce Companies to Increase Revenue Through Internet Resilience
What the World's SREs Know: The 2023 SRE Report
Bridging Visibility Gaps in Your Multi-Cloud Infrastructure

All Webinars...

Analyst Reports

2023 Gartner Critical Capabilities for APM and Observability
Forrester Opportunity Snapshot: Increase Revenue with Internet Performance Monitoring
2023 Gartner Magic Quadrant for APM and Observability
Honeycomb's O'Reilly Book Observability Engineering
2022 Gartner® Magic Quadrant™ for APM and Observability

All Analyst Reports...

White Papers

Streamlining Configuration Management: Unleashing the Power of OpManager's Module
OpenShift Monitoring: Five Crucial Elements to Look Out for
Apache Tomcat Monitoring Made Easy with Applications Manager
End-User Experience Monitoring: Its Meaning, Importance, and Best Practices
5 Steps to Improve Website Performance
Scout APM - New Relic Comparison Guide
Kubernetes vs. Docker Comparison Guide
Learn the Importance of Network Backup Tool
IT Budgeting Amid a Challenging Macroeconomic Climate
Network Configuration Manager as an Add-On to OpManager
State of ITOM in 2023
The 2023 State of IT Operations Report
Transitioning from APM Tools to Honeycomb
The State of Kubernetes 2023
Tracking Core Web Vitals with Vercel and Honeycomb
Going Beyond Plain Virtualization Monitoring
Using Honeycomb to Optimize CI/CD Delivery Pipeline Performance with GitLab
Preventing Outages in 2023: What We Learned from Recent Failures
Create a GitHub Actions Workflow to Optimize Delivery Pipeline Performance with Honeycomb
Integrated Performance Management for Physical, Virtual & Cloud Infrastructure
Using Honeycomb to Optimize CI/CD Delivery Pipeline Performance with CircleCI
Hybrid Cloud Monitoring: Fundamental Driver of Efficiency in Hybrid Clouds
Application Management Solutions for Enterprises
Best Ways to Map Impact of Application Performance Issues on Business Goals
Quick Tips: Network and Application Infrastructure Checklist for the “Work From Home” Admin
Essential CDN Monitoring for Digital-First Organizations: The Authoritative Guide
G2 Users Love Pepperdata
Autonomous FinOps for Kubernetes
The Comprehensive Guide to Border Gateway Protocol
2023 SRE Report

All White Papers...

5 Ways to Use APM for Post-Event Security Forensics
December 12, 2014

Brad Reinboldt
Network Instruments

Share this

Most security experts agree that the rapidly changing nature of malware, hack attacks and government espionage practically guarantees your IT infrastructure will be compromised. According to the 2014 Cost of Data Breach Study conducted by the Ponemon Institute, the average detection, escalation and notification costs for a breach is approximately $1 million. Post-incident costs averaged $1.6 million.

Once an attacker is within the network, it can be very difficult to identify and eliminate the threat without deep-packet inspection. The right Application Performance Management (APM) solution that includes network forensics can help IT operations deliver superior performance for users, and when incorporated into your IT security initiatives, deep packet inspection can provide an extra level of support to existing antivirus software, Intrusion Detection System (IDS) and Data Loss Prevention (DLP) solutions. The ability to capture and store all activity that traverses your IT infrastructure acts like a 24/7 security camera that enables your APM tool to serve as a backstop to your business’ IT security efforts if other lines of defense fail.

To use APM solutions for security forensics for post-event analysis, you must have a network retrospective analyzer that has at least the following capabilities:

■ High-speed (10 Gb and 40 Gb) data center traffic capture

■ Expert analytics of network activity with deep packet inspection

■ Filtering using Snort or custom user defined rules

■ Event replay and session reconstruction

■ Capacity to store massive amounts of traffic data (we’re potentially talking petabytes) for post-event analysis

Like utilizing video footage from a surveillance camera, captured packets and analysis of network conversations can be retained and looked at retrospectively to detect, clean up and provide detailed information of a breach. This back-in-time analysis can be especially important if the threat comes from within, such as a disgruntled employee within a company firewall. It also allows companies to determine exactly what data was compromised and help in future prevention.

Below are five ways to use network monitoring and analysis to investigate breaches:

1. Identify changes in overall network traffic behavior, such as applications slowing down that could be a sign of an active security breach.

2. Detect unusual individual user’s account activity; off-hour usage, large data transfers, or attempts to access unauthorized systems or services — actions often associated with disgruntled employees or a hacked account.

3. Watch for high-volume network traffic at unusual times, it could be a rogue user in the process of taking sensitive data or stealing company IP.

4. View packet capture of network conversations to determine how the breach occurred and develop strategies to eliminate future threats by strengthening the primary IT security.

5. Discover what infrastructure, services, and data were exposed to aid in resolution, notification, and regulatory compliance.

By incorporating retrospective network analysis, companies can use their network monitoring as a back stop to IDS and DLP solutions, and accelerate detection and resolution.

Brad Reinboldt is Senior Product Manager for Network Instruments, a division of JDSU.
Share this

Related Links

www.networkinstruments.com

Hot Topics

APM
Cybersecurity

The Latest

2024 Application Performance Management Predictions - Part 4: OpenTelemetry
December 07, 2023

Part 4 covers OpenTelemetry: Next year, we're going to see more embrace of OpenTelemetry across the entire industry — opening up the future of instrumentation ...

2024 Application Performance Management Predictions - Part 3: Observability
December 06, 2023

Part 3 covers even more on Observability: Observability will move up the organization to support the sustainability and FinOps drive. The combined pressure of needing to adopt more sustainable practices and tackle rising cloud costs will catapult observability from an IT priority to a business requirement in 2024 ...

2024 Application Performance Management Predictions - Part 2: Observability
December 05, 2023

Part 2 covers more on Observability: In 2024, observability platforms will embrace and innovate with new technologies like GenAI for real-time analytics, becoming the fulcrum for digital experience management ...

2024 Application Performance Management Predictions - Part 1
December 04, 2023

The Holiday Season means it is time for APMdigest's annual list of Application Performance Management (APM) predictions, covering IT performance topics. Industry experts — from analysts and consultants to the top vendors — offer thoughtful, insightful, and often controversial predictions on how APM, Observability, AIOps and related technologies will evolve and impact business in 2024. Part 1 covers APM and Observability ...

Tech Horizon 2024: 10 Bold IT Trend Predictions
November 30, 2023

To help you stay on top of the ever-evolving tech scene, Automox IT experts shake the proverbial magic eight ball and share their predictions about tech trends in the coming year. From M&A frenzies to sustainable tech and automation, these forecasts paint an exciting picture of the future ...

Over 80% of Business Leaders Feel Optimistic About the Economy, Forecast Larger IT Budgets in 2024
November 29, 2023
The past few years have presented numerous challenges for businesses: a pandemic, rising interest rates, supply chain disruptions, and geopolitical conflict that sent shockwaves across the global economy. But change may finally be on the horizon. According to a recent report by Endava ... a majority of executives confirmed they are feeling optimistic about the current business climate, and as a result, are forecasting larger IT budgets, increased technology funding and rollout, and prioritized innovation in the coming year ...
Automation and AI Are Critical to Incident Response
November 28, 2023

Incident management processes are not keeping pace with the demands of modern operations teams, failing to meet the needs of SREs as well as platform and ops teams. Results from the State of DevOps Automation and AI Survey, commissioned by Transposit, point to an incident management paradox. Despite nearly 60% of ITOps and DevOps professionals reporting they have a defined incident management process that's fully documented in one place and over 70% saying they have a level of automation that meets their needs, teams are unable to quickly resolve incidents ...

A New Era: Removing the Psychological and Operational Cost of Legacy VDI
November 27, 2023

Today, in the world of enterprise technology, the challenges posed by legacy Virtual Desktop Infrastructure (VDI) systems have long been a source of concern for IT departments. In many instances, this promising solution has become an organizational burden, hindering progress, depleting resources, and taking a psychological and operational toll on employees ...

IT Departments Must Be Ready to Manage Influx of Online Shopping Over Black Friday and Cyber Monday
November 22, 2023

Within retail organizations across the world, IT teams will be bracing themselves for a hectic holiday season ... While this is an exciting opportunity for retailers to boost sales, it also intensifies severe risk. Any application performance slipup will cause consumers to turn their back on brands, possibly forever. Online shoppers will be completely unforgiving to any retailer who doesn't deliver a seamless digital experience ...

Non-Negotiables for Black Friday Online Shopping
November 21, 2023

Black Friday is a time when consumers can cash in on some of the biggest deals retailers offer all year long ... Nearly two-thirds of consumers utilize a retailer's web and mobile app for holiday shopping, raising the stakes for competitors to provide the best online experience to retain customer loyalty. Perforce's 2023 Black Friday survey sheds light on consumers' expectations this time of year and how developers can properly prepare their applications for increased online traffic ...