From Packets to Logs to Dashboards
Beginning with packets
In its most basic form, data travels across the internet in packets — each carrying a maximum of 1,500 bytes — until they reach a pre-determined destination. As packets arrive, the network receiving the data assembles the packets like a puzzle, recreating the message.
Today, data transmission involves unprecedented volumes of data at increasing speeds. And with initiatives like the Internet of Things (IoT) and cloud computing, new layers of complexity emerge from the ever-widening diversity of communication protocols.
Having full visibility of all network data is critical to securing your business and keeping complex systems operational. Incident responders rely on network data as a foundational source of truth to resolve security alerts, but common network data sources either fail to provide the full picture or make storing and searching the full picture too difficult and cost-prohibitive to scale. Without comprehensive and readily-actionable network data provided in real time, it can take incident responders hours or even days to diagnose and resolve a single security alert.
Since nearly all cyberattacks must cross the network, extracting security-relevant data from network traffic is essential across a wide range of security operations including incident response, threat hunting, and threat detection. Finding a way to quickly, reliably, and cost-effectively capture all traffic and transform it into usable security logs can be challenging, especially in distributed environments.
Through Humio’s partnership with Garland Technology and Corelight, there is a way to efficiently get the data you need to quickly respond or investigate issues as they arise. Join us as we follow the detection process from the level of packets and network traffic with Garland Technology, through logs with Corelight and into dashboards with Humio.
The data being fed into any monitoring or security tool needs to be uncompromised, complete and accurate, so what happens when packets are lost? The network tools used for accessing, monitoring, and securing data no longer have 20/20 visibility. There is no other method that provides the depth and granularity of a packet. With the increased sophistication of cyber threats, having 100% network visibility is essential to monitor, manage, and protect your network.
How can you ensure zero dropped packets across the data center? Packets are a critical foundational source of data. Packet capture technology is necessary to filter and manipulate data packets so your tools receive the correct data to properly execute their core functions. A dependable data acquisition strategy will mitigate traditional problems with packet capture while ensuring your tools have the data packets needed to analyze raw performance metrics.
The foundation of most network visibility fabrics starts with network TAPs, not SPAN ports, ensuring that critical packets get to tools for monitoring, regulations, corporate compliance, and security, in tandem with aggregation devices and packet brokers to maximize your monitoring and security tools.
What is Garland Technology’s product role in the packet journey? At the primary location, Garland’s network TAPs send traffic through the packet broker for aggregation, load balancing, and deduplication and into the Corelight and Humio solution. At remote locations, Garland’s EdgeLens® TAP/packet broker hybrid sends traffic back to the primary’s packet broker using GRE tunneling and into the Corelight and Humio solution. Providing scalable visibility across multi-network environments.
Corelight Sensors transform the captured network traffic from Garland’s TAP into comprehensive network logs, extracted files, and custom security insights via the power of the open-source Zeek Network Security Monitor (formerly known as “Bro”).
Zeek extracts over 400 fields of data in real-time, covering dozens of data types and protocols from Layer 3 to 7, including TCP connections, SSL certificates, HTTP traffic, emails, DHCP, and more. Zeek logs are structured and interconnected to support threat hunters and incident responders.
Once the network traffic is transformed into log data, Humio’s real-time log management platform lets you instantly turn your data into usable information to answer questions in the context of other data in your environment so you can quickly respond or investigate as needed.
Humio directly ingests and stores Corelight’s network logs and extracted files via API. Because Humio ingests streaming live data using index-free technology, live alerts and dashboards are presented with a subsecond ingest latency that differentiates Humio from other log management options.
This speed enables incident responders and threat hunters to instantly search and visualize the data in Humio dashboards, supporting both hosted (cloud) and non-hosted (on-premise or private cloud) environments. Humio can ingest a wide variety of sources of data, giving it enhanced correlation power beyond the abilities of a typical SIEM. With Humio’s modern log management technology, you’ll get accurate answers to critical security and IT questions so quickly and easily, it may entirely change the way you look at security response.
Humio is built to scale linearly and efficiently store data so users aren’t wasting their compute resources. These days, speed matters, and by using real-time streaming capabilities for querying and dashboards Humio meets the needs of a modern security team.
When combined, Garland Technology, Corelight, and Humio offer a powerful solution that includes deep network traffic visibility, analysis, and real-time insights to allow organizations to get fast, precise answers to critical security and IT questions about their environment, systems, and applications.
Uniting Garland Technology, Corelight, and Humio produce exceptional security results because each leverage one another strengths. Garland and Corelight provide a thorough picture of all traffic on the network, generating massive amounts of data that in turn Humio ingests and stores quickly and efficiently.
To find out more about Humio supports security, explore our SecOps page. To explore how Garland, Corelight, and Humio work together to complete the observability picture, visit our partner page.