Recording Internet and Network Activity
With the ever-increasing interconnectedness of computer networks in government and across a wide range of industries, including healthcare, education, retail, high tech, low tech, manufacturing and utilities, network and data security are becoming of greater and greater concern. Even small businesses must take greater care with network security; hackers are more frequently targeting smaller businesses, which tend to have more lax security and fewer countermeasures against network intrusions. When network security incidents occur, the key to effective incident response and mitigation is knowing what happened, when it happened and how, which can only be determined from the record of events supplied by packet capture.
The data from continuous security monitoring enables breach reconstruction a precise determination of which equipment and which files were compromised. Any business that handles the personal, financial and health information of third parties must also be prepared to determine the scope of their liability, in the event those third parties' information is compromised or stolen.
Continuous Security Monitoring vs. Periodic Checks
It is not possible to prevent all attacks, making detection of paramount importance. The continuous monitoring provided by standalone packet capture appliances provides a way to move beyond periodic checks, which have proven to be of limited use in the face of proliferating attacks (hackers don’t tend to schedule their attacks with you ahead of time). Whereas period checks leave open large spans of time for outsider mischief to go on undetected, full packet capture provides uninterrupted coverage.
Reasons for Recording Network Activity
Organizations, businesses and information security professionals have many reasons to record internet and network activity, using network packet capture to:
- Detect, substantiate and prevent electronic theft.
- Improve network incident response times and outcomes.
- Conduct network forensics.
- Track network performance and usage.
- Monitor employee internet activity; investigate insider misuse; check adherence to corporate IT policies.
- Detect data leakage.
- Catch communications between hijacked computers infected with botnetware and the hacker.
- Test PCI, HIPAA, SOX and other regulatory compliance measures.
- Check and verify firewall security.
- Determine the scope and breadth of data stolen or compromised and associated liabilities, in the case of a breach.
- Troubleshoot network problems.
- Debug networking and computer equipment.
Choosing a Network Recording Device
Several criteria come into play when choosing a network recording device (aka, packet capture appliance).
- Your network’s speed: IPCopper packet capture appliances are available with 1 Gbps and 10 Gbps speeds.
- Whether you require permanent, unerasable recording: We offer both forensic (one-time recording) and continuous-loop (overwrite) options.
- The minimum sustained capture speed as compared to your network’s average traffic volume.
- Recording capacity.
- Whether the device captures everything (headers and payloads) or just headers.
- The device’s integrated security measures: You do not want the data you record for your own use and security to become a treasure trove for hackers to discover and exploit. Our packet capture appliances feature several security features, including always-on dual encryption, an invisible network profile and physical access controls.
- Connectivity options: Does it require additional equipment to "tap" into the data flow? Can it connect to a SPAN / mirror port or operation inline? IPCopper packet capture appliances do not require separate network tap equipment and can easily connect either to a SPAN port or inline on the wire (Learn about the relative merits of connecting inline vs. to a SPAN/mirror port).