Page 159 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Why Aren’t More Companies Capitalizing on Packet Capture?
By Cary Wright, VP of Product Management, Endace
In a threat landscape that is changing more rapidly than ever, why aren’t more companies capitalizing on the benefits of packet capture? Historically, packet analysis has been a manual function with very real accessibility problems. It is not unheard of for security teams to struggle to pull several weeks’ worth of packets, running searches for hours or days across massive capture files to find the evidence they need. Unsurprisingly, handling packets this way has also been costly.
Packet capture has also mainly been used by senior security analysts with deep experience in packet forensics, a specialized skill that is in short supply and not something most junior analysts know how to do, despite its necessity in today’s threat landscape.
How do you do packet capture well, so that everyone (not just experienced, senior packet analysts) can quickly find the data they need, pivot from an alert in the tools they already use to the relevant packets, and extract value from that full packet data?
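What that pivot looks like in practice, as an added example that is not part of the article and not Endace code: a Suricata EVE-style alert (constructed here, with made-up addresses and a made-up timestamp) supplies a 5-tuple and a time, and from it an analyst derives the tcpdump/BPF filter for a large capture and pulls only the packets of that flow, in either direction, within a window around the alert. The pcap being searched is also built inline, and the minimal parser handles only Ethernet/IPv4 TCP/UDP frames.

```python
"""Pivot from an IDS alert to the matching packets in a pcap.

Example added for illustration; not code from the article or from Endace.
The alert and the capture are constructed inline so the script runs offline.
"""
import json
import socket
import struct
from datetime import datetime, timedelta, timezone

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap magic number
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NUM = {"TCP": 6, "UDP": 17}

# Constructed alert shaped like a Suricata EVE "alert" record (hypothetical values).
ALERT_JSON = (
    '{"timestamp": "2022-06-01T12:00:05.000000+0000", "event_type": "alert", '
    '"src_ip": "10.0.0.5", "src_port": 51000, '
    '"dest_ip": "203.0.113.9", "dest_port": 443, "proto": "TCP"}'
)


def parse_alert(alert_json):
    """Return (utc datetime, proto number, src, sport, dst, dport) from an EVE alert."""
    a = json.loads(alert_json)
    ts = datetime.strptime(a["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    return (ts, PROTO_NUM[a["proto"].upper()],
            a["src_ip"], a["src_port"], a["dest_ip"], a["dest_port"])


def alert_to_bpf(alert_json):
    """Build the BPF filter an analyst would paste into `tcpdump -r big.pcap '<filter>'`."""
    _, proto, src, sport, dst, dport = parse_alert(alert_json)
    name = "tcp" if proto == 6 else "udp"
    return f"{name} and host {src} and host {dst} and port {sport} and port {dport}"


def build_packet(ts, proto, src, sport, dst, dport):
    """Return one pcap record (record header + Ethernet/IPv4/L4 frame) stamped at ts."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16        # 20-byte stub L4 header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = eth + ip + l4
    epoch = ts.timestamp()
    rec_hdr = struct.pack("=IIII", int(epoch), int(round((epoch % 1) * 1e6)),
                          len(frame), len(frame))
    return rec_hdr + frame


def sample_pcap():
    """Constructed capture: two alert-flow packets in window, one out of window, one unrelated."""
    t0 = datetime(2022, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    ghdr = struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    pkts = [
        build_packet(t0 + timedelta(seconds=4), 6, "10.0.0.5", 51000, "203.0.113.9", 443),
        build_packet(t0 + timedelta(seconds=6), 6, "203.0.113.9", 443, "10.0.0.5", 51000),
        build_packet(t0 - timedelta(hours=1), 6, "10.0.0.5", 51000, "203.0.113.9", 443),
        build_packet(t0 + timedelta(seconds=5), 17, "10.0.0.7", 53000, "198.51.100.2", 53),
    ]
    return ghdr + b"".join(pkts)


def iter_packets(pcap):
    """Yield (utc datetime, proto, src, sport, dst, dport) for each IPv4 TCP/UDP frame."""
    for e in ("<", ">"):                      # detect the capture's byte order from the magic
        if struct.unpack(e + "I", pcap[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a pcap file")
    if struct.unpack(e + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack(e + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
        proto = frame[23]
        if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        yield datetime.fromtimestamp(sec + usec / 1e6, tz=timezone.utc), proto, src, sport, dst, dport


def extract_flow(pcap, alert_json, window_seconds=30):
    """Return packets of the alerted flow (either direction) within +/- window of the alert."""
    ts, proto, src, sport, dst, dport = parse_alert(alert_json)
    fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
    lo, hi = ts - timedelta(seconds=window_seconds), ts + timedelta(seconds=window_seconds)
    return [p for p in iter_packets(pcap)
            if p[1] == proto and p[2:] in (fwd, rev) and lo <= p[0] <= hi]


if __name__ == "__main__":
    print("tcpdump filter:", alert_to_bpf(ALERT_JSON))
    for p in extract_flow(sample_pcap(), ALERT_JSON):
        print(p[0].isoformat(), f"{p[2]}:{p[3]} -> {p[4]}:{p[5]}")
```

The time window is the point that a plain 5-tuple filter misses: the same client port is reused over weeks of capture, so the third packet in the sample (same 5-tuple, an hour earlier) is correctly excluded, and matching both directions keeps the server's replies that a one-directional filter would drop.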
As renowned SANS Institute course instructor Jake Williams likes to say, “today’s packet capture is not your Grandma’s packet capture.” Packet capture has indeed moved to the next level, and security-savvy companies are deploying distributed, centrally managed recording appliances, designed to be modular and highly scalable, that deliver the storage capacity, performance and rapid search needed to accelerate investigation and response.