
Introducing Savvius Vigil


Savvius Vigil is the first network appliance able to intelligently store months of packet-level information to enhance security investigations. Savvius Vigil integrates with your existing SIEM platform to examine packets related to a breach weeks or months after the incident occurred. This information is often vital to a full understanding of the threat.

Published in: Technology

  1. Savvius Vigil: Enhancing Security Investigations With Critical Packet Data
  2. Corporate Overview. Savvius, Inc. (formerly WildPackets) was founded in 1990, is headquartered in the San Francisco Bay Area, and has over 7,000 customers in the U.S., EMEA and APAC. Mission: create advanced, high-performance products that provide unprecedented insight into network performance issues and security incident investigations.
  3. Savvius tools for network professionals: software to view, analyze and investigate, and network traffic capture and analytics appliances.
  4. Network problems occur in a complex environment. (Diagram of a corporate campus, remote office and data center: access points, access switches, wireless controllers, an integrated services router, core switch and firewall, application delivery controllers, web, Citrix, Call Manager and authentication servers, application servers, and SQL and Oracle clusters.) Symptoms: delays, latency, slowness, network access, WLAN connects, intermittent drops, transaction verification, personnel security. What is the problem: content, performance or connectivity?
  5. Traditional approaches don't work. Investigations "silo by silo" leave out critical insights, and the network is the first to be blamed. (Silos shown: computing platforms, database, compute, storage, virtualization; network, wireless, data center, LAN, WAN; application, operations, deployment, test, development; security, response, detection, forensics.) © Savvius, Inc., Confidential.
  6. Savvius Solutions (product; use; traffic; environment; storage):
     - Omnipliance; packet capture for troubleshooting; up to 16.5 Gbps; data centers, remote offices; 4-128 TB
     - Omnipliance WiFi; WLAN troubleshooting including 802.11ac; up to 3.8 Gbps; enterprise WLAN; 8 TB
     - Savvius Vigil; long-term packet storage for security investigations; IDS performance up to 9 Gbps; cybersecurity infrastructure; 64 or 128 TB
     - OmniPeek Professional; software for analytics and troubleshooting; platform dependent; portable network analysis; N/A
     - OmniPeek Enterprise; high-performance software for analytics and troubleshooting; platform dependent; network analysis; N/A
     - Capture Engine for OmniPeek; software for remote troubleshooting and analysis; platform dependent; distributed; platform dependent
     - USB WiFi Adapter for OmniPeek; WLAN adapter for portable analysis; 200 Mbps; portable; N/A
  7. Global customers in financial services, education, government, health care and retail, telecom and technology.
  8. Introducing Savvius Vigil: employing decades of network forensics expertise to enhance security investigations. Network insight for performance and security.
  9. Savvius Vigil does not prevent breaches. After all ...
  10. ... perimeter defenses have become quite sophisticated. But ...
  11. ... perimeter security is never perfect. And ...
  12. ... breaches are expensive. (Source: Pixlcloud)
  13. Making packet data available for security investigations.
  14. Five Savvius Vigil assumptions:
     1. You have assets to protect: financial information, patient records, confidential data.
     2. Your perimeter isn't perfect: your organization is penetrated right now.
     3. Delayed discovery is inevitable: data breaches are typically discovered six months later.
     4. Network packets are valuable: security investigations need more than logs and events.
     5. You can't store all network traffic: months of network traffic requires petabytes of storage.
  15. Savvius Vigil automatically extends the packet-enabled investigation window from hours to months.
  16. How Savvius Vigil works: it starts with your SIEM's intrusion detection (or with selected IP addresses). An IDS/IPS generates events continuously, often for immediate investigation, but each event includes only a very limited amount of data. There are too many events to investigate each one; IDS/IPS systems are tuned to match the security team's capability, so "breaches will slip by".
  17. How Savvius Vigil works: Savvius Vigil uses IDS/IPS events to filter packets out of the network traffic. Integration with HP ArcSight, Cisco FireSIGHT, Snort and Suricata, with more added regularly. In addition, all traffic to high-value IP addresses can be stored.
  18. How Savvius Vigil works, step by step (illustrated with six IP addresses over the last five minutes). Savvius Vigil buffers ALL network traffic; then:
     Step 1: An IDS event comes in, alerting on two IP addresses.
     Step 2: All packets between those addresses for up to five minutes before and after the event (settable) are stored.
     Step 3: If desired, packets to or from either of those IP addresses are also stored ("Associated Conversations").
     Step 4: Packets that are not associated with either event IP address are ignored.
  19. Days of stored events vs. events/day from IDS/IPS (chart; both axes 0 to 1000; one curve for +/- 5 minutes and one for +/- 2 minutes). Note: approximate, assuming 125 packets per second per conversation, 750 bytes per packet, and a multiple of 8.5 for Associated Conversations.
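The event-driven retention described on slides 16 to 18 and the sizing note on slide 19 can be exercised in code. The following Python is an added illustration, not Savvius code or the appliance's algorithm: the Packet and IdsEvent classes, the RetentionEngine, the 900-second buffer, and every address, timestamp and event signature are constructed for the example. The sizing functions use only the parameters the slide states (125 packets per second per conversation, 750 bytes per packet, multiple of 8.5 for Associated Conversations) and the 128 TB capacity listed for Savvius Vigil on slide 6.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float   # seconds since capture start
    src: str
    dst: str
    size: int   # bytes on the wire


@dataclass(frozen=True)
class IdsEvent:
    ts: float
    ip_a: str
    ip_b: str
    signature: str


class RetentionEngine:
    """Short ring buffer of ALL traffic plus a long-term store fed only by events.
    Hypothetical model of the slide's Steps 1-4, not the appliance's own code."""

    def __init__(self, buffer_seconds, window, associated=False):
        # Pre-event packets must still be buffered when the post-event half of
        # the window closes, so the buffer has to span at least 2 * window.
        if buffer_seconds < 2 * window:
            raise ValueError("buffer_seconds must be >= 2 * window")
        self.buffer_seconds = buffer_seconds
        self.window = window
        self.associated = associated
        self.buffer = deque()  # every packet seen, evicted by age
        self.pending = []      # events whose post-event window is still open
        self.store = []        # (event, [packets]) kept long-term

    def ingest(self, pkt):
        self.buffer.append(pkt)
        # Age out packets that no event claimed within buffer_seconds (Step 4).
        while self.buffer[0].ts < pkt.ts - self.buffer_seconds:
            self.buffer.popleft()

    def on_event(self, event):
        self.pending.append(event)  # Step 1: an IDS event names two IPs

    def select(self, event):
        lo, hi = event.ts - self.window, event.ts + self.window
        pair = {event.ip_a, event.ip_b}
        kept = []
        for p in self.buffer:
            if not lo <= p.ts <= hi:
                continue
            ends = {p.src, p.dst}
            if ends == pair:                       # Step 2: the event conversation
                kept.append(p)
            elif self.associated and ends & pair:  # Step 3: Associated Conversations
                kept.append(p)
        return kept

    def flush(self, now):
        """Finalize events whose post-event window has closed; returns the count."""
        done = [e for e in self.pending if e.ts + self.window <= now]
        for e in done:
            self.store.append((e, self.select(e)))
            self.pending.remove(e)
        return len(done)


# Sizing from the parameters stated on the slide (125 pps, 750 B/packet, x8.5).
def bytes_per_event(window_seconds, pps=125, bytes_per_packet=750, associated=False):
    conversation = 2 * window_seconds * pps * bytes_per_packet  # before + after
    return conversation * (8.5 if associated else 1.0)


def retention_days(capacity_bytes, events_per_day, window_seconds, associated=False):
    """Days of events a store of capacity_bytes holds at a steady event rate."""
    per_event = bytes_per_event(window_seconds, associated=associated)
    return capacity_bytes / (events_per_day * per_event)


# Constructed sample: six hosts, one event at t=600 s between 10.0.0.1 and 203.0.113.5.
SAMPLE_PACKETS = [
    Packet(200, "10.0.0.1", "203.0.113.5", 600),   # event pair, but before the window
    Packet(350, "10.0.0.1", "203.0.113.5", 700),   # Step 2
    Packet(400, "10.0.0.2", "10.0.0.3", 500),      # unrelated: dropped
    Packet(500, "203.0.113.5", "10.0.0.4", 800),   # Step 3 only
    Packet(600, "203.0.113.5", "10.0.0.1", 1500),  # Step 2, reverse direction
    Packet(850, "10.0.0.1", "10.0.0.6", 400),      # Step 3 only
    Packet(950, "10.0.0.1", "203.0.113.5", 300),   # event pair, but after the window
]
EVENT = IdsEvent(600, "10.0.0.1", "203.0.113.5", "constructed-signature")


def run_sample(associated):
    """Replay the sample with a +/-300 s window; returns the packets kept for EVENT."""
    eng = RetentionEngine(buffer_seconds=900, window=300, associated=associated)
    raised = False
    for p in SAMPLE_PACKETS:
        if not raised and p.ts >= EVENT.ts:
            eng.on_event(EVENT)
            raised = True
        eng.ingest(p)
    eng.flush(now=800)   # post-event window still open: nothing finalized
    eng.flush(now=950)   # 600 + 300 <= 950: selection runs now
    return eng.store[0][1]


if __name__ == "__main__":
    for assoc in (False, True):
        kept = run_sample(assoc)
        print(f"associated={assoc}: {[p.ts for p in kept]} ({sum(p.size for p in kept)} B)")
    print(f"128 TB at 1000 events/day, +/-5 min with associated conversations: "
          f"{retention_days(128e12, 1000, 300, associated=True):.0f} days")
```

Two practitioner caveats follow directly from the model. First, a selection cannot be finalized until the post-event half of the window has elapsed, and the short-term buffer must span at least twice the window or the pre-event packets are already gone. Second, Step 4 means an intrusion for which no IDS event ever fired leaves no packets behind unless the hosts involved were on the high-value IP list, so detection coverage and that list bound what an investigation months later can recover. On the sizing side, with the slide's parameters and Associated Conversations enabled, 128 TB holds roughly 268 days of events at 1,000 events per day with a +/-5 minute window, which is the order of magnitude the chart depicts.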
  20. Investigating with Savvius Vigil. Select and refine: select by date range, event(s) or IP addresses; refine by source, severity and other characteristics. Export and view packets: select the time before and after the event and whether to include packets in Associated Conversations; save and view in OmniPeek, or save standard packet files. Savvius Vigil makes packets available for immediate or long-term investigations.
  21. Takeaways. Packets are critical to effective investigations: "packets don't lie", and investigating a security event without access to packets means all evidence is circumstantial and indirect. Most breaches aren't discovered right away: storing packets for months requires intelligent packet storage, and manually selecting which packets to store isn't good enough. Savvius Vigil provides the answer: automatic, intelligent packet storage; organized access to relevant packets for immediate and long-term investigations; packets before and after events; a vital addition to your existing security infrastructure.
  22. Demonstration. Network insight for performance and security.
  23. Savvius Vigil: Enhancing Security Investigations With Critical Packet Data