
Packet Collection and Analysis at Scale

Matt Alderman June 11, 2020

There are numerous security use cases where integrating network packet data adds context that makes alerts more actionable. Free and open source packet capture tools do a great job of capturing packets, but how do you collect, aggregate, and analyze that data at scale?

Let’s start with a quick review of packet capture tools, commonly known as packet sniffers, such as Wireshark or Stenographer. These tools intercept traffic from wired or wireless networks and copy it to a file, a pcap. Interception is done primarily through a network tap (or a mirror/SPAN port) that copies the traffic to the packet sniffer. Collected packets can be encrypted and compressed for later, typically offline, analysis. The tools decode hundreds of protocols across multiple platforms and are used to improve network capacity and bandwidth, increase network efficiency, ensure delivery of services, and enhance security. We’ll focus on the “enhance security” benefits of these tools.

Now I don’t know about you, but it’s been a long time (over 15 years) since I’ve had to review a pcap file. The free and open source tools have display filters and other basic analysis features to help read these files, but security use cases need to integrate these packets and correlate them with other data, including logs. This requires exporting, normalizing, and aggregating the packet data into another security tool for analysis, typically a security information and event management (SIEM) solution. But how do you do this at scale?
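The export-and-normalize step described above is where most of the work hides: a pcap is a binary container, and a SIEM wants flat, timestamped records. The following script, added here as an illustration and not code from the article or from any vendor it mentions, reads the classic libpcap file format with only the Python standard library, decodes Ethernet/IPv4/TCP/UDP headers, and emits one newline-delimited JSON record per packet. It also handles the two truncation cases a collector meets in practice: a packet cut at the capture's snaplen, and a file that ends mid-record because the capture process died. The capture it parses is constructed inline (the MAC addresses, IP addresses and timestamps are made up, and IP/TCP/UDP checksums are left at zero because the decoder does not verify them); it is not a real capture.

```python
"""Parse a classic libpcap file and normalize each packet into a flat JSON
record of the kind a SIEM ingests. Standard library only; constructed sample."""
import json
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution classic pcap magic
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}


def iter_pcap_records(data: bytes):
    """Yield (ts_sec, ts_usec, packet_bytes, snapped, partial) per record.
    snapped: the capture cut this packet at snaplen (incl_len < orig_len).
    partial: the file ended inside this record (the capture was interrupted)."""
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:    # the same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("unsupported magic %#x (not a classic pcap)" % magic)
    _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET (1) is decoded here, got %d" % linktype)
    off = 24
    while off < len(data):
        if off + 16 > len(data):              # record header itself is cut off
            yield (0, 0, b"", False, True)
            return
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        body = data[off:off + incl_len]
        partial = len(body) < incl_len
        yield (ts_sec, ts_usec, body, incl_len < orig_len, partial)
        if partial:
            return
        off += incl_len


def decode_packet(pkt: bytes) -> dict:
    """Decode Ethernet/IPv4/{TCP,UDP} headers into flat fields. Anything the
    decoder does not understand is reported as undecoded rather than guessed."""
    if len(pkt) < 14:
        return {"decoded": False, "reason": "short ethernet frame"}
    ethertype = struct.unpack("!H", pkt[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return {"decoded": False, "ethertype": "0x%04x" % ethertype}
    ip = pkt[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return {"decoded": False, "reason": "short or non-IPv4 header"}
    ihl = (ip[0] & 0x0F) * 4                  # header length in bytes, options included
    if ihl < 20 or len(ip) < ihl:
        return {"decoded": False, "reason": "bad IHL"}
    proto = ip[9]
    rec = {
        "decoded": True,
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "ip_len": struct.unpack("!H", ip[2:4])[0],
    }
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:     # TCP and UDP both start with src/dst port
        rec["src_port"], rec["dst_port"] = struct.unpack("!HH", l4[:4])
    if proto == 6 and len(l4) >= 14:          # TCP flags byte sits at offset 13
        rec["tcp_flags"] = [n for bit, n in sorted(TCP_FLAG_NAMES.items()) if l4[13] & bit]
    return rec


def pcap_to_records(data: bytes) -> list:
    """Normalize every record of a pcap into a flat, SIEM-friendly dict."""
    records = []
    for i, (sec, usec, body, snapped, partial) in enumerate(iter_pcap_records(data)):
        ts = datetime.fromtimestamp(sec, tz=timezone.utc).replace(microsecond=min(usec, 999999))
        rec = {"seq": i, "@timestamp": ts.isoformat(), "captured_len": len(body),
               "snapped": snapped, "partial": partial}
        rec.update(decode_packet(body))
        records.append(rec)
    return records


def to_ndjson(records) -> str:
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


# --- constructed sample capture (not real traffic) -------------------------
def _frame(ethertype: int, payload: bytes) -> bytes:
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ethertype) + payload


def _ipv4(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + l4


def _record(ts_sec: int, ts_usec: int, pkt: bytes, incl_len=None) -> bytes:
    incl = len(pkt) if incl_len is None else incl_len
    return struct.pack("<IIII", ts_sec, ts_usec, incl, len(pkt)) + pkt[:incl]


def sample_pcap() -> bytes:
    """A TCP SYN, a UDP/53 datagram, an ARP frame, and a UDP record cut at 42 bytes."""
    syn = struct.pack("!HHIIBBHHH", 51234, 443, 1000, 0, 0x50, 0x02, 65535, 0, 0)
    udp = struct.pack("!HHHH", 53123, 53, 48, 0) + b"\x00" * 40
    arp = b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20
    records = [
        _record(1591833600, 100, _frame(ETHERTYPE_IPV4, _ipv4("10.0.0.5", "192.0.2.10", 6, syn))),
        _record(1591833600, 200, _frame(ETHERTYPE_IPV4, _ipv4("10.0.0.5", "10.0.0.1", 17, udp))),
        _record(1591833601, 0, _frame(0x0806, arp)),
        _record(1591833602, 0, _frame(ETHERTYPE_IPV4, _ipv4("10.0.0.5", "10.0.0.1", 17, udp)), incl_len=42),
    ]
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET) + b"".join(records)


if __name__ == "__main__":
    print(to_ndjson(pcap_to_records(sample_pcap())))
```

The `snapped` and `partial` flags are the fields worth keeping when this feeds a SIEM: a snapped record still carries usable 5-tuple data but its payload is incomplete, and a partial final record tells you the capture was interrupted, both of which should be visible to the analyst rather than silently dropped.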

This is where Gravwell’s solution shines. Gravwell enables threat hunters and network analysts to correlate and search logs and packets for root-cause analysis without worrying about how much data they can ingest and keep, and without spending time massaging data. Gravwell’s new Packet Fleet ingester solves the challenge of collecting packet data on demand so that it can be analyzed at scale. Packet Fleet extends the benefits you’ve come to love from Gravwell, including:

  • Unlimited Ingestion & Retention
  • Binary & Agnostic Data Support
  • Scalable & Distributed Solution

To learn more about Gravwell Packet Fleet, watch the interview on Paul’s Security Weekly here or visit securityweekly.com/gravwell for more information.
