Why Aren’t More Companies Capitalizing on


            Packet Capture?


            By Cary Wright, VP of Product Management, Endace



            In a threat landscape that is now changing more rapidly than ever before, why aren’t more companies
            capitalizing on the benefits of packet capture? Well, historically, packet analysis has been a manual
            function with very real accessibility issues. It’s not unheard of for security teams to struggle to pull several
            weeks' worth of packets, running searches for hours or days across massive files to find the evidence
            they are looking for. Unsurprisingly, this type of packet handling has also been costly.

            Packet capture has also mainly been used by senior security analysts with deep experience in packet
            forensics -- a specific skill that's in short-supply, and not something more junior analysts know how to do,
            despite its necessity in today’s threat landscape.

            How do you do packet capture well, so that everyone (not just experienced, senior packet analysts) can
            quickly find the data they need, get to relevant packets from alerts in their relevant tools, and extract
            value from that full packet data?

            As renowned SANS Institute course instructor Jake Williams likes to say, “today’s packet capture is not
            your Grandma’s packet capture.” Indeed, packet capture has truly moved to the next level, and security-
            savvy companies are deploying distributed, centrally managed recording appliances that are designed to
            be modular and highly scalable to deliver the storage capacity, performance and rapid search that is
            needed while accelerating investigation and response time.






































                                                                                                            159