All Eyes on PCAP: The Gold Standard of Traffic Analysis

PCAP Enables Defenders to See and Capture Exactly What Has Happened Across a Network, But Comes With Challenges


PCAP, or full packet capture for later analysis, does what the name says – it records every packet that crosses a monitored link in its entirety, headers and payload alike. If it happens on a network segment that is being captured, there is a record of it. Whether it is malware moving data around or staff arranging a private party, it can be captured and then analyzed. Two limits apply from the outset: a capture only sees traffic that passes the points where it is collected, and encrypted payloads remain opaque unless the session keys are available to the analyst.
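As an added illustration (not part of the original article), the reader below walks the classic libpcap file format and shows concretely what "the entirety of every packet" means: the capture metadata (timestamp, captured length versus on-wire length), the Ethernet/IPv4/TCP headers, and the application payload itself. The sample capture is constructed inline; the MAC and IP addresses and the HTTP request are made up. It also flags the one case where a PCAP file is not actually full capture: a record whose captured length is shorter than its wire length was cut by the snaplen.

```python
"""Minimal libpcap (.pcap) reader: parses the global header and each record,
then decodes Ethernet/IPv4/TCP far enough to separate metadata from payload.
Added example for this article; the sample packet below is constructed."""
import struct
from ipaddress import IPv4Address

# Magic numbers of the classic pcap format (microsecond timestamps).
PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"   # written by a little-endian host
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"   # written by a big-endian host
LINKTYPE_ETHERNET = 1


def decode_tcp(seg: bytes) -> dict:
    if len(seg) < 14:
        return {"payload": seg}
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    data_off = (off_flags >> 12) * 4          # header length in bytes
    return {"tcp_sport": sport, "tcp_dport": dport,
            "tcp_flags": off_flags & 0x1FF, "payload": seg[data_off:]}


def decode_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20:
        return {"payload": pkt}
    ihl = (pkt[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", pkt[2:4])
    proto = pkt[9]
    out = {"ip_src": str(IPv4Address(pkt[12:16])),
           "ip_dst": str(IPv4Address(pkt[16:20])), "ip_proto": proto}
    body = pkt[ihl:total_len]                 # slicing tolerates truncated frames
    out.update(decode_tcp(body) if proto == 6 else {"payload": body})
    return out


def decode_ethernet(frame: bytes) -> dict:
    if len(frame) < 14:
        return {"payload": frame}
    ethertype, = struct.unpack("!H", frame[12:14])
    out = {"eth_dst": frame[:6].hex(":"), "eth_src": frame[6:12].hex(":"),
           "ethertype": ethertype}
    out.update(decode_ipv4(frame[14:]) if ethertype == 0x0800 else {"payload": frame[14:]})
    return out


def parse_pcap(data: bytes):
    """Yield one dict per record: capture metadata plus decoded headers and payload."""
    magic = data[:4]
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    _maj, _min, _tz, _sig, _snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("record runs past end of file")
        off += incl_len
        rec = {"ts": ts_sec + ts_usec / 1e6, "captured_len": incl_len, "wire_len": orig_len,
               # incl_len < orig_len: the snaplen cut this packet, so it is not full capture
               "truncated": incl_len < orig_len}
        rec.update(decode_ethernet(frame))
        yield rec


def build_sample_pcap(snaplen: int = 65535) -> bytes:
    """Constructed input: one Ethernet/IPv4/TCP frame carrying a made-up HTTP request."""
    payload = b"GET /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
    # sport, dport, seq, ack, data offset 5 words + PSH|ACK, window, checksum, urg
    tcp = struct.pack("!HHIIHHHH", 51234, 80, 1, 1, (5 << 12) | 0x018, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     IPv4Address("10.0.0.5").packed, IPv4Address("10.0.0.80").packed)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    frame = eth + ip + tcp
    captured = frame[:snaplen]                # what a capture with this snaplen keeps
    gh = PCAP_MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    rh = struct.pack("<IIII", 1700000000, 123456, len(captured), len(frame))
    return gh + rh + captured


if __name__ == "__main__":
    for snap in (65535, 64):
        for rec in parse_pcap(build_sample_pcap(snaplen=snap)):
            print(f"snaplen={snap}: {rec['ip_src']}:{rec['tcp_sport']} -> "
                  f"{rec['ip_dst']}:{rec['tcp_dport']} truncated={rec['truncated']} "
                  f"payload={rec['payload']!r}")
```

With the default snaplen the record carries the full request, which is the visibility the article is describing; with a 64-byte snaplen the same file parses fine but the payload ends after `GET /login`, and the `truncated` flag is the only hint that the capture is partial. Checking that flag across a capture is a cheap sanity test before trusting it as "full" packet capture.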


PCAP provides what CISOs seek but rarely achieve – total visibility into the network.


The security potential of this type of traffic monitoring is clear, and probably explains why a number of U.S. federal agencies have been investigating their options. Toward the end of 2020, in the first flush of the SolarWinds debacle, the DHS, the Department of State, Aberdeen Proving Ground, the U.S. Marine Corps (USMC), and the Missile Defense Agency (MDA) all issued requests for proposals (RFPs) or requests for information (RFIs) for PCAP solutions.


The Homeland Security Department’s Enterprise Security Operations Center stated that it considered “Full Packet Capture a cornerstone of the cyber security visibility stack enabling analysts to perform investigation analysis while also satisfying DHS security requirements.”


This sudden rush to PCAP poses a couple of obvious questions. If PCAP is such a powerful security tool, why hasn’t it already been widely adopted among the agencies? And is this movement within the federal agencies likely to migrate to the general business sector?


All-seeing benefits


“The packets never lie,” says Vectra’s EMEA director, Matt Walmsley. “Packet capture has long been the gold standard of pri ..
