"It's the Unicorn we've been looking for!"
This was the response I got the other day when I was explaining to a customer the benefits of looking back at packets before and after they pass through an active, inline device and a packet capture or forensics tool.
Simply put, how else will enterprise networks have real-time knowledge of an attempted attack, as well as the ability to look back and see how the packets were altered or dropped?
Historical lookback aka before & after, is solution that uses hybrid bypass TAPs with monitoring ports that allow both security tools, such as next-gen firewalls and intrusion prevention systems to share packets with multiple monitoring tools such as network packet capture, forensics, deep packet inspection, etc.
EdgeLens® Garland Technology's hybrid bypass TAP and In-line Security Packet Broker provides identical network traffic streams, both through the active, inline security tools (IPS/NGFW/WAF), and to the network packet capture, forensics, deep packet inspection and/or lawful intercept tools.
Because all devices see the same traffic, it is easy to correlate events generated by the active, in-line device with the PCAP data which is captured and indexed within the out-of-band packet analysis tools.
Once a breach or critical event is detected, it's imperative to facilitate a real-time security incidence response, including retrieval of full sessions and other detailed context around those critical events. Extracted PCAP files may be further analyzed by a variety of out-of-band tools for security forensics.
This solution can be deployed with most vendors network analyzer tools and security tools, the tools are independently managed through the EdgeLen's interface - the key here is that all the tools share the same packets via the identical network stream.
Looking to add IT Security solution to your security deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!