NetCapture

Even with the most rigorous network security controls in place, it is difficult to know exactly what traffic is traversing your network. Equally challenging is understanding what information may be entering or leaving your organisation.

Traditional technical assurance services such as penetration testing will identify potential vulnerabilities, but such activities simply cannot identify active exploitation of those vulnerabilities. Whilst common malware infections can be detected by well-configured intrusion detection systems (IDS), more sophisticated attacks using, for example, covert channels still often go undetected. Further security weaknesses may arise from misconfigured network devices or policy violations by staff; often such occurrences are either never noticed or overlooked due to the sheer volume of incidents.

The Cyberis NetCapture service is designed to overcome these limitations, complementing our other technical assurance services by providing real-time capture and manual analysis of traffic and data entering and leaving your infrastructure. Our NetCapture service, delivered by CREST Certified Network Intrusion Analysts, provides a comprehensive snapshot of the security posture of your network. All detected security incidents are fully investigated by Cyberis consultants, resulting in a concise report of confirmed security incidents.

Deep Packet Inspection (DPI) combined with full packet capture allows security incidents to be reviewed in context, so the false positives common with traditional IDS can be eliminated from our service. In addition to the detection of technical threats, Cyberis is able to take your organisation's particular policies, regulatory requirements and data sensitivity issues into account when analysing your network traffic, providing a comprehensive cross-section of your exposure.

How is the NetCapture service delivered?

Cyberis' NetCapture probe is deployed at the network perimeter for a fixed period of time, using fail-safe gigabit network taps or, optionally, existing SPAN ports to eliminate any downtime requirement.

After the capture phase is complete, the probe is securely transported to Cyberis offices for offline analysis. Analysis includes public and proprietary IDS signatures, heuristic techniques and manual analysis methodologies. Longer-term engagements can be facilitated through the installation of secure site-to-site links where necessary.

Once analysis is complete, an on-site debrief will be delivered alongside a formal report, offering detailed event descriptions and remediation advice direct to your security personnel. Cyberis can provide forensically sound traffic capture files should any evidence of incidents be required in any ensuing legal or disciplinary action.

Key Benefits

  • Understand what traffic and data is traversing your networks.
  • Detect malware infections, network configuration issues, out-of-date software, policy violations and more sophisticated Advanced Persistent Threats.
  • Facilitates ad-hoc network capture during a security incident, supporting incident response procedures.
  • Provides assurance of standards compliance and legislative requirements.
  • Provides a comprehensive IDS service with zero false positives.
  • Measures the efficacy of existing network security controls.