Use Cases

Contact Tracing

NETSCOUT Use Cases

Issue link: https://read.uberflip.com/i/1463980

Contents of this Issue

Navigation

Page 0 of 4

l USE CASE l S E C U R I T Y Almost all of todays sophisticated attacks affect more than one asset. Attackers need to move laterally within the network to navigate to the location of the valuable information. The more assets they can gain access to and/or compromise, the better for them. To be truly affective at managing and remediating a threat, you need to understand as much information as you can from it. Unlike end-point data, Security teams know that network packet-derived data contains all of the interactions between connected devices - wherever they may reside (e.g. the legacy network or hybrid-cloud). But typically network security tools do not provide a united and consistent set of data and workflows from packets to provide comprehensive visibility into lateral movement and view the entire attack chain. NETSCOUT ® Omnis ® Cyber Intelligence (OCI) is an advanced NDR solution that integrates with and fills the gaps left by other security tools. NETSCOUT's OCI leverages NETSCOUT CyberStream instrumentation to capture full packets at line rate (e.g., up to 100Gbps). CyberStream's patented Adaptive Service Intelligence ® (ASI) technology automatically extracts a unique, robust set of layer 3- 7 metadata from packets (we call Smart Data). With this Smart Data, security analysts can use NETSCOUT OCI to conduct highly responsive, real-time, and historical analyses to detect and investigate threats quicker. Security teams receive thousands of alerts. They must quickly determine if an alert is a false positive or a true risk to their organization. For example, an analyst receives an alert on a particular IP address inside their organization. Similar to testing positive for a virus, NETSCOUT OCI gives security analysts the ability to quickly conduct a contact tracing analysis to determine who has communicated with that device and what data has been exfiltrated. NETSCOUT Omnis Cyber Intelligence enables incidence response teams to reduce Mean Time to Knowledge from hours, days and even months, down to minutes by providing the network analyst both real- time and historical visibility into all network activity associated with an alert. In other words, the analyst can quickly conduct contact tracing or determine lateral movement of an attacker to determine the extent of breach and remediation efforts. Contact Tracing

Articles in this issue

Links on this page

view archives of Use Cases - Contact Tracing