Savvius goes from Packet Capture to Cyber Forensics in one move

Savvius goes from Packet Capture to Cyber Forensics in one move

Despite greater information flows and ever-evolving criminals, security is constantly fighting to get things done quicker and easier.

Given the length of time taken to discover breaches, and incoming regulations such as GDPR, which demand breach notification in a very short space of time, instant and detailed incident response could be a very valuable tool.

“Most breaches take place a lot earlier [than they are discovered] and then you've got no real way of actually identifying when that happened,” says Riaz Khan, Director of UKI & EMEA Sales at Savvius.

Despite being new to the security business, Savvius has been around for a long while. Previously known as WildPackets, the company has been in business for over 25 years, providing packet capture for network and application performance analysis solutions. The privately owned, California-based company’s rebrand last year coincided with the release of its latest cyber-forensics product, Vigil. 

“The idea is that you or your security technician can now go in and they can quickly look at what actually happened, first with the alert and then can go back and say, “What did they do?” “Did they attack us?” “Did they leave something in there?””

A pivot of sorts

While acknowledging a pivot into the security landscape was something of a big change, the company has already secured partnerships with the likes of Cisco, Palo Alto, Q1 Labs [IBM Security], and various others in the industry.

“Before launching Vigil we decided that we had to re-brand ourselves to go into the security market,” he says. “Going into this market we needed to rebrand ourselves, refresh everything.”

“We know the product fits. If it didn't these large players wouldn't work with us. so there is a need for it.”

Khan explains that Savvius and Vigil make use of that packet capture expertise, but offer it up in a new way.

“We didn't veer away from our core product. The purpose of the appliance is to sit alongside an IDS Intrusion Detection System, IPS, or SIEM solution, and take in all the alerts that are coming in.”

“What we do is we capture five minutes of traffic before, and five minutes after, all the time, as soon as we get an alert from the IDS or we see an incident. We store that data away, and we throw the rest away.”

Having seen the demo first-hand, Vigil seems to offer something a bit different. The ability to see all information going in and out of your network for a not insignificant amount of time before and after an event is useful [and stored in a PCAP format], and a decent UI means you can quickly identify false positives and get granular with actual incidents [for example sending any questionable executables to your preferred security tester of choice].


«C-suite talk fav tech: Dave Wright, NetApp SolidFire


Billion-dollar baby: Mimecast CEO revels in public status»
Dan Swinhoe

Dan is Senior Staff Writer at IDG Connect. Writes about all manner of tech from driverless cars, AI, and Green IT to Cloudy stuff, security, and IoT. Dislikes autoplay ads/videos and garbage written about 'milliennials'.  

  • twt
  • twt
  • Mail

Recommended for You


Platform or publisher?

Tech Cynic – IT without the rose-tinted spectacles


Mark Shuttleworth’s next mission: making private clouds affordable

Martin Veitch's inside track on today’s tech trends


GDPR-based extortion could be the next cybercrime trend

Dan Swinhoe casts a critical eye on the future

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.


Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.



Should the government regulate Artificial Intelligence?