Bryan CardozaDirector, Security Analytics, Symantec Enterprise
There are many steps that businesses can take to ensure the security of their buildings and facilities: installing strong locks on doors, putting in alarms, and using thermal sensors that can detect motion for example. These go a long way toward making a building safer, and alerting authorities as soon as possible should bad actors manage to actually find a way inside a building.
But at Symantec, a division of Broadcom, we believe that while all of that is well and good, there are also some basic security measures that shouldn’t be overlooked. For example, cameras and digital video recording (DVR) equipment can catch criminals in the act, and help provide proof of who exactly broke into that facility—and more importantly, how. In the end, seeing is not only believing, it is understanding.
Packets Don’t Lie
The same concept can be applied to network security. Various threat detection and response (EDR, NDR, XDR, …) systems are currently getting a lot of attention, and along with prevention solutions, will remain an essential part of cyber security controls. But, to get to the end of a network attack investigation, the details that can only be provided by network forensic tools based on full packet capture are critical to know. Packets don’t lie. And like that physical security system that incorporates security cameras and video recordings into its operations, packet capture technology can lay out all the evidence of an attack for investigators to see. The SANS Institute demonstrates the importance of network forensics in security investigations in a new white paper “Packets, or It Didn’t Happen: Network-Driven Incident Investigations.” In this paper, The SANS Institute looks at the necessity of having a full security and forensic solution, including packets, in order to provide ..
Support the originator by clicking the read the rest link below.
