eEye Digital Security — Network Forensics & Investigation
Today's complex networks support new and increasingly diverse technologies and protocols. Organizations rely on multiple applications and platforms to achieve their business objectives. To effectively manage the traffic these applications create, and to cope with application diagnostics support requirements, IT professionals require a solution to aggregate, analyze and diagnose the state of their network data.
Forensic diagnostic tools play an important role to complete a network diagnosis, especially after attempted attacks or virus/worm outbreaks.
To meet this challenge, enterprises require precise data monitoring and reconstruction capabilities to pinpoint performance bottlenecks, ensure proper bandwidth allocation for critical applications and services, and provide detailed forensic information to show attack vectors, propagation paths and other malicious activities.
eEye’s network forensics solution combines process and technology into a single, effective system, giving security and information technology professionals the power to schedule and perform network traffic audits, including the ability to allow administrators to see network activity exactly as end users see it on their computers. Network forensics are best performed through Iris® Network Traffic Analyzer, which captures all data passing through a network and allows network administrators to trace the actions of any network user.
eEYE APPROACH
eEye's network and vulnerability forensics solution was designed to provide precise analysis and reporting of the issues facing today's networks, including automated problem identification, reporting and integrated filtering capabilities that go beyond the capture, filter, and decode capabilities of traditional network analysis.
eEye's vulnerability forensics solution takes network traffic and returns it to its original format, dramatically reducing the time previously spent examining individual data packets. Utilizing this approach, security professionals can read the actual text of an email, exactly as it was sent, and reconstruct the actual HTML pages that users have visited.
eEye's forensics solution provides automated filters that can be set up to flag and record specific network traffic that contains a particular MAC or IP address, unacceptable words or websites, and more - to determine if company security is being compromised, corporate policies are abused, or if regulatory compliance guidelines are being enforced. Iris provides a variety of statistical measurements allowing companies to proactively identify — and take the steps to eliminate — performance issues before they can result in downtime.
Vulnerability forensics is an important component within eEye’s best practices approach to a vulnerability management lifecycle solution. Understanding what occurred after an attack is an important part of learning new threat behaviors and adapting accordingly, enabling IT administrators to learn new trends and eliminate recurrence of new vulnerabilities immediately after detection. Preventing existing and new threats is the ultimate goal, and the foundation to a successful network security program.
SOLUTION ARCHITECTURE
Consistent with eEye’s best practices approach to threat management, the architecture of eEye’s network vulnerability forensics and investigation solution is optimized when utilized in conjunction with eEye’s multi-tiered vulnerability management solution, starting with a comprehensive assessment and audit of security threats on all network assets. Following a complete assessment of all network assets, Iris Network Traffic Analyzer may be implemented to provide a sophisticated, yet simple-to-operate network traffic analyzer. Iris allows you to easily examine the inner workings of your network, making the detective work of pinpointing a security breach or resolving a performance problem quick and effortless.