NTA Use Cases
Security Scenarios
Incident Response
When breached, every second counts! Your SecOps team will be maxed out, your management team will be on high alert, and your customers will be annoyed. The faster you can respond to and recover from the incident, the fewer consequences you will suffer. Being able to work together as a team, sharing insights, ideas, traces and clues, will exponentially speed up the recovery process. The NTA actively facilitates SecOps team collaboration in Incident Response by letting specialist team members share both the search criteria they create and the associated search results. Outside experts, AI tools, and other helpful forces can easily be brought into the process.
Threat Hunting
The cyber enemy never sleeps, and the war against cyber attackers needs to be fought 24/7. Network attacks often start by exploiting a seemingly benign service or software program, which opens up a path to other parts of your infrastructure that are more interesting to the attacker. You have now been breached, but the offender is still only lurking around in preparation for the actual attack. With a perfect record of all network traffic, security professionals can identify network traffic anomalies and other traces that can indicate such “lateral movement” in the network by attackers. In cooperation with the global community of cybersecurity experts, you can match your observations with databases of attack patterns and spot attacks before they materialize.
Security Hardening
How vulnerable is your infrastructure to attacks? And how will you know? Obviously, you will install firewalls, SIEMs, IDS, antivirus, and other malware protection solutions, but depending on your choices, your mileage may vary. And if you have been breached, and you have found the cause, and you believe you have mitigated the problem, how can you be sure that everything is now OK? With the NTA you have a recording of the entire attack scenario – specifically targeting your network – and you can then replay that scenario again and again (and at different speeds) against your infrastructure to see if your newfound defenses are up to the job.
Triggered Investigations
When your firewall/IPS detects an attack, it becomes vital to know exactly how the attack impacted your infrastructure. The only way to do this is to record all activity on the network. The NTA is designed to be “always on” (like a flight recorder), so when your security equipment raises an alarm, the activity that caused it has already been recorded on disk. With the NTA API it is possible to trace the attack and thereby provide the security team with the best conditions for mitigating the attack.
Performance Optimization Scenarios
24/7 Network Visibility & SLA Monitoring
Networks run in real time, and most companies already have lots of network monitoring equipment to tell them how the network is performing, both from a network perspective and from an application perspective. Yet users experience issues that are not explained by looking at a dashboard or traversing log files. The NTA provides a 100% copy of your network traffic and therefore provides a complete account of what happened in the infrastructure. Such a copy can be analyzed even further by exports and specialized tools offline until the root cause has been found. You don’t have to settle for the standard monitoring dashboards if they don’t give you the answers you need.
Load Testing & QoS Optimization
Ensure network Quality of Service (QoS) by replaying worst-case scenarios recorded in your own network. Real network data can be used to harden your infrastructure by replaying historic network scenarios that were problematic in the past to see if your current infrastructure setup can cope. You can even speed up the traffic replay as much as you want, all the way up to the maximum speed of the wire. In this way you can determine the maximum capacity of your infrastructure, your network-specific services and network devices. You will be able to sort out the weak spots first, instead of blindly investing in infrastructure upgrades that may, or may not, give you the capacity and service level you are looking for.
Help Desk & Tech Support
Users calling in with a problem want immediate action to be taken to resolve their issues. If the issue is anything but the most trivial of problems (often related to the user’s own machine or handling thereof), the Help Desk often needs to “look into the issue”. With traffic recorded by the NTA, support personnel can provide a more meaningful response, and perhaps even solve more complex issues instantly, satisfying the user on the spot. If the user happens to be your customer as well, this ability will translate directly into customer satisfaction and therefore your bottom-line result.
In-The-Field Troubleshooting
Take Wasabi Networks’ portable NTA solutions into the field and get all the features and benefits right where you need them. Isolated network segments can be monitored and analyzed with the same level of insight and detail as the core network, and problems can often be detected right on the spot. For sophisticated analysis, the recorded traffic can be brought back to the lab for further study and processing by experts and specialized tools. After use, the recording can be purged from the system as a security and privacy measure.