The Cisco Security Packet Analyzer provides tools that help you investigate security events and anomalous network activity. It works in conjunction with Cisco Stealthwatch to speed incident response and network forensics.
Network threats and cybercriminals are getting smarter. The question today is not whether your network will be breached. The question is when. The need to respond to advanced threats quickly has never been greater.
Many organizations possess some level of security monitoring and incident response capability. Security professionals can speed incident response in several ways. A common method is using packet capture solutions. These can collect and store all of the information that traverses the network.
However, an organization might want full packet capture without having to store every packet indefinitely. That is, it wants only the packets specific to the events under investigation, which makes for a faster investigation. This is where Packet Analyzer plays a very important role.
With Packet Analyzer you can conduct packet capture in select areas of the network where an incident is detected. Unlike traditional solutions, Packet Analyzer gives operators the ability to store and search only the packets that trigger alarms in the user interface. Through integration with other Cisco Security products, Packet Analyzer provides analysts with the ability to capture all the raw packets from the network. There is no need to sift through all the packets that are captured from network traffic or hold them for later investigation.
Using Packet Analyzer, organizations are thus able to:
Cisco Security Packet Analyzer uses Stealthwatch flow data analysis to locate specific points in the data stream. It then generates a detailed search query to locate those packets.
It delivers real-time high performance with either four Gigabit Ethernet or two 10 Gigabit Ethernet interfaces. Packet Analyzer captures all frames, including those normally discarded by standard network interface cards (NICs).
Packet Analyzer stores data in industry-standard packet capture format.
Packet Analyzer helps you put threat intelligence to use quickly with your existing security and network infrastructure.
In addition, Packet Analyzer can be used to get comprehensive traffic statistics, visibility into overlay networks (OTV, LISP, VXLAN, etc.), Application Response Time (ART) metrics, and Layers 4-7 application recognition using next-generation Network Based Application Recognition (NBAR2).