Savvius goes from Packet Capture to Cyber Forensics in one move

Savvius Director Riaz Khan talks about how 25 years of performance analysis as WildPackets led to a company-wide pivot.

Amid ever-greater information flows and ever-evolving criminals, security teams are constantly fighting to get things done quicker and easier.

Given the length of time it typically takes to discover a breach, and incoming regulations such as GDPR, which demand breach notification within a very short space of time, instant and detailed incident response could be a very valuable tool.

“Most breaches take place a lot earlier [than they are discovered] and then you've got no real way of actually identifying when that happened,” says Riaz Khan, Director of UKI & EMEA Sales at Savvius.

Despite being new to the security business, Savvius has been around for a long while. Previously known as WildPackets, the company has been in business for over 25 years, providing packet-capture solutions for network and application performance analysis. The privately owned, California-based company's rebrand last year coincided with the release of its latest cyber-forensics product, Vigil.

“The idea is that you or your security technician can now go in and they can quickly look at what actually happened, first with the alert and then can go back and say, ‘What did they do?’ ‘Did they attack us?’ ‘Did they leave something in there?’”

A pivot of sorts

While acknowledging that a pivot into the security landscape was something of a big change, the company has already secured partnerships with the likes of Cisco, Palo Alto, Q1 Labs [IBM Security], and various others in the industry.

“Before launching Vigil we decided that we had to re-brand ourselves to go into the security market,” he says. “Going into this market we needed to rebrand ourselves, refresh everything.”

“We know the product fits. If it didn't, these large players wouldn't work with us, so there is a need for it.”

Khan explains that Savvius and Vigil draw on that packet-capture expertise, but offer it up in a new way.

“We didn't veer away from our core product. The purpose of the appliance is to sit alongside an IDS [intrusion detection system], IPS, or SIEM solution, and take in all the alerts that are coming in.”

“What we do is we capture five minutes of traffic before, and five minutes after, all the time, as soon as we get an alert from the IDS or we see an incident. We store that data away, and we throw the rest away.”

Having seen the demo first-hand, Vigil seems to offer something a bit different. The ability to see all information going in and out of your network for a not insignificant amount of time before and after an event is useful [and it is stored in PCAP format], and a decent UI means you can quickly identify false positives and get granular with actual incidents [for example, sending any questionable executables to your preferred security tester].
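The retention policy Khan describes, modelled as an added illustration that is not Savvius or Vigil code and makes no claim about how the product is built: a rolling buffer holds the last five minutes of packets, an alert snapshots that lookback and keeps collecting for the following five minutes, everything else is thrown away, and what was retained is written out in libpcap format. Class and function names are assumptions, and the packet data in the test is constructed.

```python
import collections
import struct
from dataclasses import dataclass
WINDOW = 300  # seconds: five minutes before and five minutes after each alert

@dataclass(frozen=True)
class Packet:
    ts: float     # capture timestamp in seconds
    data: bytes   # raw frame bytes (constructed sample data, not real traffic)

class AlertTriggeredRetention:
    """Hypothetical model: a rolling lookback buffer plus per-alert 'after' collection."""
    def __init__(self, window=WINDOW):
        self.window = window
        self.ring = collections.deque()  # recent packets, pruned to `window` seconds
        self.open_alerts = []            # (alert_ts, alert_id) still collecting "after" traffic
        self.retained = {}               # alert_id -> packets kept for forensics
    def on_packet(self, pkt):
        self.ring.append(pkt)
        while self.ring and self.ring[0].ts < pkt.ts - self.window:
            self.ring.popleft()          # older than the lookback window: thrown away
        still_open = []
        for alert_ts, alert_id in self.open_alerts:
            if pkt.ts <= alert_ts + self.window:
                self.retained[alert_id].append(pkt)
                still_open.append((alert_ts, alert_id))
        self.open_alerts = still_open    # alerts past their "after" window stop collecting

    def on_alert(self, alert_ts, alert_id):
        # Snapshot the five minutes before the alert; the five after are collected as they arrive.
        self.retained[alert_id] = [p for p in self.ring if p.ts >= alert_ts - self.window]
        self.open_alerts.append((alert_ts, alert_id))

def pcap_bytes(packets):
    """Serialise retained packets as a classic libpcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in packets:
        sec, usec = int(p.ts), int(round((p.ts - int(p.ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(p.data), len(p.data)) + p.data
    return out

def simulate(packets, alerts, window=WINDOW):
    # Replay packets and (ts, id) alerts in time order; return alert_id -> retained timestamps.
    cap, pending = AlertTriggeredRetention(window), sorted(alerts)
    for pkt in sorted(packets, key=lambda p: p.ts):
        while pending and pending[0][0] < pkt.ts:  # fire alerts raised before this packet
            cap.on_alert(*pending.pop(0))
        cap.on_packet(pkt)
    for alert in pending:                          # alerts raised after the last packet
        cap.on_alert(*alert)
    return {aid: [p.ts for p in pkts] for aid, pkts in cap.retained.items()}
```

With one packet every 60 seconds and an alert at t=600, only the packets from t=300 to t=900 survive; the rest are discarded as the ring rolls on.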