Cisco Security Packet Analyzer

Intelligent Packet Capture for Faster Response

The Cisco Security Packet Analyzer provides tools that help you investigate security events and anomalous network activity. It works in conjunction with Cisco Stealthwatch to speed incident response and network forensics.

Features and capabilities

Network threats and cybercriminals are getting smarter. The question today is not whether your network will be breached. The question is when. The need to respond to advanced threats quickly has never been greater.

Many organizations possess some level of security monitoring and incident response capability. Security professionals can speed incident response in several ways. A common method is using packet capture solutions. These can collect and store all of the information that traverses the network.

However, an organization might want full packet capture without having to store every packet indefinitely. That is, it wants only the packets specific to the events under investigation, so that the investigation goes faster. This is where Packet Analyzer plays a very important role.

Intelligent Capture

With Packet Analyzer you can conduct packet capture in select areas of the network where an incident is detected. Unlike traditional solutions, Packet Analyzer gives operators the ability to store and search only the packets that trigger alarms in the user interface. Through integration with other Cisco Security products, Packet Analyzer provides analysts with the ability to capture all the raw packets from the network. There is no need to sift through all the packets that are captured from network traffic or hold them for later investigation.

Using Packet Analyzer, organizations are thus able to:

  • Gain a complete view of the contents of any conversation within the network
  • Obtain granular details of what occurred in the network at a given point in time
  • Speed incident response with a targeted analysis of packets associated with a security alarm or other suspicious activity
  • Examine the exact sequence of events in an investigation

How It Works

Cisco Security Packet Analyzer uses Stealthwatch flow data analysis to locate specific points in the data stream. It then generates a detailed search query to locate those packets.

It delivers real-time high performance with either four Gigabit Ethernet or two 10 Gigabit Ethernet interfaces. Packet Analyzer captures all frames, including those normally discarded by standard network interface cards (NICs).

Packet Analyzer stores data in industry-standard packet capture format.

Multiple Benefits

Packet Analyzer helps you put threat intelligence to use quickly with your existing security and network infrastructure.

In addition, Packet Analyzer can be used to get comprehensive traffic statistics, visibility into overlay networks (OTV, LISP, VXLAN, etc.), Application Response Time (ART) metrics, and Layers 4-7 application recognition using next-generation Network Based Application Recognition (NBAR2).

Specifications at a Glance

  • 2 rack units (2RU)
  • 2 Intel® Xeon® E5-2660 processors
  • 128 GB industry-standard double data rate (DDR4) main memory
  • 48 TB (24 x 2 TB) SAS drives
  • SAS port and modular LAN on motherboard (mLOM)
  • Monitoring ports (one of the following): 4 x 1 GE RJ-45; 4 x 1 GE SFP; 2 x 10 GE SFP+
  • 10/100/1000 RJ-45 as a management port