Cisco Security and NextComputing

How NextComputing and Cisco Security work together

Pivot-to-PCAP from Cisco Security to NextComputing’s Packet Continuum UCS, a forensic investigation tool for retrospective detection and look-forward threat-hunting based on lossless packet capture retention.

Packet Continuum UCS is an easy Pivot-to-PCAP from Cisco Security for examining the full packet and timeline context of suspicious activity within network traffic. Packet Continuum continuously captures and records full packet history, indexed for very fast search and recall over a long timeline, and augmented with forensic metadata from real-time DPI analytics logging and IDS alerts. User-defined IDS alerts include up to 50,000 active Snort IDS rulesets, plus up to 1,000,000 suspicious traffic alerts (e.g. ThreatIPs, file/hash detection, DNS domains, and JA3 encrypted traffic signatures). Bottom line: Cisco Security user analysts can quickly resolve critical threats and provide definitive PCAP data evidence within Incident Response reports.

Within Packet Continuum UCS, Cisco Security users may:

  • Remotely examine the full lossless packet contents (i.e. as in Wireshark) of any critical network transaction
  • Re-construct suspicious objects and files on demand
  • Quickly refine the search to locate any historical network activity that is similar
  • Perform “Retrospective Detection” on recorded network history, based on newly discovered zero-day threats (i.e. from Cisco Talos services)
  • If a breach occurred, find out exactly what really happened, and include well-documented results within a final incident report
  • Easily create custom PCAP workflows, such as automated file-carving or selective data retention driven by Cisco Security analytics

Packet Continuum UCS offers low-cost lossless packet capture options for Cisco Security users, with smooth scale-up to very large enterprise and carrier-grade networks. Packet Continuum “Federations” provide multiple users with federated access to many remote capture points, and smoothly manage support services for security policy updates and software feature/OS updates. A mature and well-documented REST API and CLI allow advanced SOC teams to integrate PCAP workflow scripts within Cisco SecureX.

Cisco UCS Server Infrastructure: The Packet Continuum UCS software framework is optimized to leverage the advantages of the latest Cisco Unified Computing System (UCS) infrastructure. Cisco UCS’s unique benefits include flexible provisioning for large data centers and smooth scaling for very long packet capture timelines and very high lossless packet capture rates. NextComputing works closely with Cisco resellers to quote fully integrated capture appliances, with deterministic performance specs for lossless packet capture.

Cisco Security field deployment: NextComputing’s NextServer-X hardware appliance can deploy the full suite of Cisco Security virtualized software apps (with or without Packet Continuum UCS) within a small form-factor appliance that is a single-person lift and TSA-compatible as airline carry-on luggage. NextServer-X is appropriate for bringing Cisco Security into “Fly-Away Kits” for military CPT teams or mobile cyber-assessment services, and also for “Deployable Cloud” use cases.

Product Integrations

  • Secure Network Analytics: Software connector to quickly pivot to the full packet contents of alerts or flows in the Network Analytics user interface console. Follow all streams related to these critical activities, further iterate PCAP searches of historical network traffic, and include PCAP data evidence within final Cisco Security analytics reports.
  • Secure Firewall: Software connector to quickly pivot to the full packet context of critical alerts viewable in the user analyst interface of Secure Firewall Management Center. Further iterate searches into packet data for all historical traffic, whether or not it was tagged or blocked by Secure Firewall. Perform Retrospective Detection, using new Snort rules from Cisco Talos to search the full recorded network history for any similar activity – even before that threat was known!

Security Suites