Bounce the Bad Guys From Your Network With a Forensics Investigative Solution

Until fairly recently, the practice of network forensics investigations was more or less a black art practiced by highly skilled individuals.

Its origins seem to trace back to multiple development efforts, including research projects funded by the U.S. government, university graduate students writing protocol analysis tools and efforts by telephony research organizations to discover and terminate phone system abuse. These efforts have produced a range of offerings that today’s information technology (IT) security professionals can use to forensically investigate network breaches, discover the root cause of a successful attack and terminate these unauthorized activities in hours or days rather than weeks or months.

Organizations within the financial, retail and manufacturing industries, as well as government agencies, have now largely accepted that a network breach is inevitable, and many have begun to assume that it has already happened. Perimeter defenses are quickly bypassed when users, the so-called “carbon elements,” are duped into divulging their access credentials. While IT professionals in these environments are still concerned with maintaining adequate defenses, they spend an increasing share of their time hunting for anomalous behavior and incorporating new packet capture technologies to speed up and clarify forensic investigations.

What Are the Top Incident Forensics and Data Capture Solutions?

Enterprise Management Associates (EMA) was recently commissioned to perform an analysis of the top data capture and network forensics offerings to help define the strengths and weaknesses of each approach. In addition to analyzing several incident forensics offerings and vendors, the report provides some interesting insights:

  • 53% of EMA research respondents understood that security analytics and network forensics tools augmented their Security Information and Event Management (SIEM) tools
  • 46% understood that security analytics and forensics tools were a natural evolution of the traditional SIEM
  • 95% of the organizations that implemented an analytics or forensics solution indicated that they received “expected or greater than expected value” from the solution
  • 90% of the respondents said that the introduction of an incident forensics solution had reduced false positives and improved their actionable alerts

Given the number of data capture and network forensics tools available in the marketplace, it is not always easy to know which one is the best fit. According to the report, many buyers are confused by the sheer number of security vendors and tools that profess to deliver “actionable intelligence” or “actionable insights” to operators and analysts in order to improve security response.

EMA Analyst Report: Comparison of the best Data Capture and Network Forensics solutions

The analyst report evaluates some of the best network forensics offerings across six common criteria, including:

  • User interface
  • Data visualization
  • Data capture and reconstruction
  • Solution integration
  • Data search capabilities and performance
  • Skills required to operate

The report concludes that IBM Security QRadar Incident Forensics scored the highest overall rating with a score of 3.92 out of 4.0. You can see all the results in the image below or download the full report for a deeper analysis and commentary on each solution.

What I believe makes the IBM Security QRadar solution unique is that it begins with a different development mentality. When users want to find something on the Internet, they use search engine technology. Why not do the same when searching inside networks?

QRadar Incident Forensics converts that messy packet data back into recognizable objects such as documents, Web pages and voice-over-IP calls. It does so automatically through a right-click integration with QRadar SIEM: the analyst pivots from a SIEM offense straight into the related captured traffic, so the SIEM tells users where to look in the first place.
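To make concrete what “reconstruction” means at the packet level, here is an added illustration that is not code from IBM, QRadar or the EMA report. It takes a constructed set of TCP segments carrying one HTTP response, captured out of order and with one retransmission, reassembles the byte stream by sequence number and parses the result back into a status line, headers and the HTML document a user actually saw. The segment values, the document text and the helper names are all assumptions made for the example; a real capture tool would do the same job across thousands of flows and many more protocols.

```python
"""Toy reconstruction of an HTTP document from out-of-order TCP segments.

Added example, not QRadar code. All input below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes  # TCP payload carried by this segment


def reassemble_stream(segments, isn):
    """Order segments by sequence number, discard retransmitted overlap,
    and return (contiguous_bytes, next_expected_seq) starting at isn.
    Reassembly stops at the first gap rather than guessing at missing data."""
    out = bytearray()
    expected = isn
    for seg in sorted(segments, key=lambda s: s.seq):
        if seg.seq > expected:
            break                       # hole in the capture: stop here
        overlap = expected - seg.seq
        if overlap >= len(seg.payload):
            continue                    # pure retransmission, nothing new
        out += seg.payload[overlap:]    # keep only the bytes not yet seen
        expected = seg.seq + len(seg.payload)
    return bytes(out), expected


def parse_http_response(raw):
    """Split an HTTP/1.x response into (status_line, headers, body).
    Honours Content-Length and returns None if the capture is truncated."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        return None                     # headers never completed
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    length = int(headers.get("content-length", len(rest)))
    if len(rest) < length:
        return None                     # body cut off: do not present a partial document
    return status, headers, rest[:length]


# Constructed sample: a small HTML page delivered in segments captured
# out of order, plus one overlapping retransmission (hypothetical values).
ISN = 1000
BODY = b"<html><body><h1>Quarterly results</h1></body></html>"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: "
            + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)
SEGMENTS = [
    Segment(ISN + 40, RESPONSE[40:80]),   # arrives first, out of order
    Segment(ISN, RESPONSE[:40]),
    Segment(ISN + 80, RESPONSE[80:]),
    Segment(ISN + 20, RESPONSE[20:60]),   # retransmission overlapping two segments
]


def reconstruct_document(segments=SEGMENTS, isn=ISN):
    """Rebuild the delivered document from raw segments; None if incomplete."""
    stream, _ = reassemble_stream(segments, isn)
    parsed = parse_http_response(stream)
    if parsed is None:
        return None
    status, headers, body = parsed
    return {"status": status, "content_type": headers.get("content-type"), "body": body}


if __name__ == "__main__":
    doc = reconstruct_document()
    print(doc["status"], doc["content_type"])
    print(doc["body"].decode())
```

The two failure modes a forensics tool must handle show up even in this toy: a gap in the capture stops reassembly instead of stitching unrelated bytes together, and a body shorter than its declared Content-Length is reported as incomplete rather than shown as a finished document.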

This offering scores high marks for user interface, data reconstruction and search speed while remaining among the easiest technologies to operate. Paired with QRadar SIEM’s high-probability offense notifications, it is the equivalent of a one-two punch for knocking out cyber criminals who breach a network. Once they’re in, it is a race against time to find them before they find critical data.

Without a doubt there is no silver bullet when it comes to security. But if your organization is looking for a better way to identify threats and reduce risks within your environments, you should strongly consider a security analytics and network forensics solution. I hope this article and analyst report will help guide your decision-making.
