The Efficiency of Context: Review of WireX Network Forensics Platform

  • Tuesday, 05 Sep 2017 1:00PM EDT (05 Sep 2017 17:00 UTC)
  • Speakers: Jerry Shenk, Philip Campeau

By 2020, according to Gartner, 60 percent of enterprise information security budgets will be spent on rapid detection and response systems, compared to 20 percent in 2015.

Why the huge jump? A desperate need for speed.

In two-thirds of the data breaches examined for the 2016 Verizon Data Breach Investigations Report, the attackers were able to start exfiltrating data within days -- but it took the majority of the defenders weeks to find out they were breached.

Shortening that delay can drastically reduce the cost and severity of breaches, but how can this be done? Investigating a threat usually begins with a low-fidelity alert, and server logs or SIEM metadata don't reveal much more -- most of the data we are looking for is not there.

Performing in-depth investigation isn't easy, even for security gurus, who in any case are in such short supply they're almost impossible to find or afford. Security teams cannot afford to waste precious time trying to understand the context of a specific threat. They must arm themselves with better tools that give immediate visibility into, and understanding of, all activity on their network, and deliver it in minutes.

WireX Systems officials think they have found the way to slash the time it takes to spot an intruder by making it easier for mere mortals to read and understand network traffic and identify early signs of a breach. Contextual Capture, a key feature of the WireX Network Forensics Platform, is designed to turn every SOC member into a valuable analyst by providing easy-to-use forensics history (for periods of months) using a unique and intuitive query interface. WireX NFP also creates investigation workflows that can be used by the entire security team to accelerate alert validation and incident response.

How well does it work?

SANS expert Jerry Shenk is testing the system to find out.

Click here and be among the first to hear Jerry's conclusions and get access to the whitepaper, which will provide even more detail, all from a SANS reviewer with enough experience in the lab and the field to understand the value of fast detection and the kind of information that makes it possible.