


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The Efficiency of Context: Review of WireX Network Forensics Platform

  • Tuesday, September 05, 2017 at 1:00 PM EDT (2017-09-05 17:00:00 UTC)
  • Philip Campeau, Jerry Shenk


  • WireX Systems




By 2020, according to Gartner, 60 percent of enterprise information security budgets will be spent on rapid detection and response systems, compared to 20 percent in 2015.

Why the huge jump? A desperate need for speed.

In two-thirds of the data breaches examined for the 2016 Verizon Data Breach Investigations Report, the attackers were able to start exfiltrating data within days -- but it took the majority of the defenders weeks to find out they were breached.

Shortening that delay can drastically reduce the cost and severity of breaches, but how can this be done? Investigating a threat usually begins with a low-fidelity alert, and server logs or SIEM metadata don't reveal much more -- most of the data we are looking for is not there.

Performing in-depth investigation isn't easy, even for security gurus, who in any case are in such short supply they're almost impossible to find or afford. Security teams cannot afford to waste precious time when trying to understand the context of a specific threat. They must arm themselves with better tools to get immediate visibility and understanding of all activities in their network and also be able to do it in minutes.

WireX Systems officials think they have found the way to slash the time it takes to spot an intruder by making it easier for mere mortals to read and understand network traffic and identify early signs of a breach. Contextual Capture, a key feature of the WireX Network Forensics Platform, is designed to turn every SOC member into a valuable analyst by providing easy-to-use forensics history (for periods of months) using a unique and intuitive query interface. WireX NFP also creates investigation workflows that can be used by the entire security team to accelerate alert validation and incident response.

How well does it work?

SANS expert Jerry Shenk is testing the system to find out.

Click here and be among the first to hear Jerry's conclusions and get access to the whitepaper, which will provide even more detail, all from a SANS reviewer with enough experience in the lab and the field to understand the value of fast detection and the kind of information that makes it possible.

Speaker Bios

Jerry Shenk

Jerry Shenk currently serves as a senior analyst for the SANS Institute and is senior security analyst for Windstream Communications, working out of the company's Ephrata, Pennsylvania, location. Since 1984, he has consulted with companies and financial and educational institutions on issues of network design, security, forensic analysis and penetration testing. His experience spans networks of all sizes, from small home-office systems to global networks. Along with some vendor-specific certifications, Jerry holds six GIAC certifications - all completed with honors - and five with Gold certifications: GCIA, GCIH, GCFW, GSNA, GPEN and GCFA. He also holds the CISSP certification.

Philip Campeau

Philip Campeau is a senior systems engineer at WireX Systems. He has been in the computer industry for over 20 years, specializing in computer security for the last 17. He has helped design and implement security solutions for some of the largest computer networks in the world. For the past nine years, he has worked with security technology companies such as Imperva and WireX Systems to introduce next-generation products and help companies recognize value and enable their security team to get the best return on their investment.
