LiveAction and Cisco: Network Forensics for Security Investigations
Enabling Network Forensics in Security Breach Investigations.
Enterprises, under constant attack, deploy highly effective systems to detect and prevent security threats. However, not even the most comprehensive and sophisticated security system can stop every attack from getting through. When a security incident occurs, the investigation into the breach must be timely and comprehensive so you can rapidly understand, contain, and remediate the current issue, and better prevent future ones. Investigations without access to the original network packets that carried the intrusion are invariably less effective. Network packets carry malware as binaries that, once assembled on an enterprise’s server, cover their tracks as the first order of business: altering logs, changing resources, and modifying their identity.