What
is Retrospective Network Analysis?
Retrospective network analysis allows you to
quickly browse backwards through massive amounts
of network traffic to view breaches and anomalies
as they happened, within the context of other
activity on the network.
Now you can avoid the labor-intensive step of
re-creating problems to troubleshoot them.
Traditional packet capture gives administrators
insight into networks via packet-level decode
and analysis. While these tools are useful in
managing mid- to enterprise-level networks, using
them to provide administrators enough information
to solve subtle or sporadic problems is difficult.
RNA acts like a 24/7 surveillance camera—it is
far easier to find the culprit using a stored
video of the crime rather than one photograph.
How Retrospective Network Analysis
Works
Your Network Recorder
With continually captured data, GigaStor
makes it easy to “rewind” your network, determine
problem sources, and perform analysis. Retrospective
network analysis speeds troubleshooting and provides
long-term corporate-wide benefits.
Hold Everything
GigaStor holds up to 12 TB of data with standard
versions and is available in configurations supporting
up to 288 TB or offloading to a SAN for nearly
unlimited storage.
Revive the Past
GigaStor can take captured traffic and recreate
communications in an easy-to-view format. Rebuild
web pages (including images), and reconstruct
e-mails to gather evidence of network activity.
Comprehensive Analysis
More than a simple network recorder, GigaStor
provides long-term, real-time, and post-capture
network statistics and allows you to apply expert
analysis to view possible problem causes and immediate
solutions.
Answer the VoIP Call
Continually monitor VoIP performance. Save or
play voice conversations. Obtain high-level VoIP
traffic summaries and in-depth call detail records.
Track jitter, MOS, and other unified communications
statistics.
 A
Real-World RNA Example
- Suspicious Web Activity
HR requests a report on web activity for John
Doe, an employee suspected of accessing prohibited
web sites using corporate equipment.
- Go Back in Time
IT uses the GigaStor’s Time Navigation to quickly
isolate and filter down on John Doe’s web traffic
for the previous week.
- Reconstruct Web Pages
A scan shows suspicious URLs. With GigaStor,
the IT manager sees the web page exactly as
it appeared on that specific day by reconstructing
captured data. The GigaStor’s Stream Reconstruction
rebuilds web pages Doe visited during the period
in question.
- GigaStor Provides Evidence
Evidence allows HR to take appropriate action
and enforce corporate policy with the employee.
Is it the Network, the Application,
or Security?
GigaStor's forensic capabilities let you diagnose
and resolve network problems through retrospective
network analysis. GigaStor operates like a security
camera, recording everything traversing the network.
GigaStor Security Forensics determines if a security
breach occurred by comparing historical traffic
against thousands of Snort rules to identify attacks
and anomalies.
GigaStor provides drill-down analysis to determine
the source and time of breaches.
- View breaches exactly as they happened
- Identify compromised machines and network
infrastructure
- Drill down for packet-level forensic analysis
- Reconstruct mined data
- Provide evidence for compliance and security
issues
GigaStor plays a significant role in data mining,
network forensics, and data-retention compliance.
It provides a separate and unaltered view of network
activity that can be played back to investigate
connections and transactions.
GigaStor can reconstruct mined data, providing
hard evidence such as VoIP phone conversations,
web pages, documents, and e-mails.
White Paper
|
