
Savvius goes from Packet Capture to Cyber Forensics in one move

Faced with ever-greater information flows and ever-evolving criminals, security teams are constantly fighting to get things done more quickly and more easily.

Given the length of time taken to discover breaches, and incoming regulations such as GDPR, which demand breach notification in a very short space of time, instant and detailed incident response could be a very valuable tool.

“Most breaches take place a lot earlier [than they are discovered] and then you've got no real way of actually identifying when that happened,” says Riaz Khan, Director of UKI & EMEA Sales at Savvius.

Despite being new to the security business, Savvius has been around for a long while. Previously known as WildPackets, the company has been in business for over 25 years, providing packet capture for network and application performance analysis solutions. The privately owned, California-based company’s rebrand last year coincided with the release of its latest cyber-forensics product, Vigil. 

“The idea is that you or your security technician can now go in and they can quickly look at what actually happened, first with the alert and then can go back and say, ‘What did they do?’ ‘Did they attack us?’ ‘Did they leave something in there?’”

A pivot of sorts

While Khan acknowledges that the pivot into the security landscape was something of a big change, the company has already secured partnerships with the likes of Cisco, Palo Alto, Q1 Labs [IBM Security] and various others in the industry.

“Before launching Vigil we decided that we had to re-brand ourselves to go into the security market,” he says. “Going into this market we needed to rebrand ourselves, refresh everything.”

“We know the product fits. If it didn't, these large players wouldn't work with us, so there is a need for it.”

Khan explains that Savvius and Vigil make use of that packet capture expertise, but offer it up in a new way.

“We didn't veer away from our core product. The purpose of the appliance is to sit alongside an IDS (Intrusion Detection System), IPS, or SIEM solution, and take in all the alerts that are coming in.”

“What we do is we capture five minutes of traffic before, and five minutes after, all the time, as soon as we get an alert from the IDS or we see an incident. We store that data away, and we throw the rest away.”

Having seen the demo first-hand, Vigil seems to offer something a bit different. The ability to see all information going in and out of your network for a meaningful window before and after an event is useful [and it is stored in PCAP format], and a decent UI means you can quickly identify false positives and get granular with actual incidents [for example, sending any questionable executables to your preferred security tester].
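To make the retention model Khan describes concrete, here is an added example (not Savvius or Vigil code) of the core idea: a rolling buffer that keeps only packets falling within a fixed window before and after each alert, discards everything else, and serialises what it kept as a classic libpcap file. The class and function names, the 300-second window constant, the synthetic 64-byte packets and the alert timing are all assumptions made for this illustration; the packets are constructed, not real traffic.

```python
"""Alert-triggered packet retention: keep only traffic within a window around each alert.

Illustration of the "five minutes before, five minutes after, throw the rest away"
model. Names, constants and the synthetic scenario are assumptions for this example.
"""
import struct
from collections import deque

WINDOW_SECONDS = 300          # five minutes either side of an alert (assumed constant)
LINKTYPE_USER0 = 147          # pcap link type reserved for private use; our payloads are synthetic


class AlertTriggeredCapture:
    """Rolling buffer that retains packets only when an alert's window covers them."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.buffer = deque()      # (timestamp, raw packet) awaiting a decision, oldest first
        self.retained = []         # packets saved because an alert window covered them
        self.open_alerts = []      # alert timestamps whose "after" window is still running
        self.dropped = 0           # packets aged out of the buffer with no alert: discarded

    def ingest(self, ts, pkt):
        """Feed one packet; it is retained at once if an alert window is currently open."""
        if any(abs(ts - a) <= self.window for a in self.open_alerts):
            self.retained.append((ts, pkt))
        else:
            self.buffer.append((ts, pkt))
        self._expire(ts)

    def alert(self, ts):
        """An IDS/IPS/SIEM alert at time ts: pull the preceding window out of the buffer."""
        self.open_alerts.append(ts)
        in_window = lambda t: ts - self.window <= t <= ts
        self.retained.extend((t, p) for t, p in self.buffer if in_window(t))
        self.buffer = deque((t, p) for t, p in self.buffer if not in_window(t))

    def _expire(self, now):
        # Anything older than the lookback window can no longer be claimed by a future alert.
        while self.buffer and now - self.buffer[0][0] > self.window:
            self.buffer.popleft()
            self.dropped += 1
        # Close alert windows whose "after" period has elapsed.
        self.open_alerts = [a for a in self.open_alerts if now - a <= self.window]


def to_pcap(packets, linktype=LINKTYPE_USER0, snaplen=65535):
    """Serialise (timestamp, bytes) pairs as a classic libpcap file (little-endian, v2.4)."""
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, network
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    for ts, pkt in sorted(packets, key=lambda x: x[0]):
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        # Per-packet header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt))
        out += pkt
    return bytes(out)


def simulate():
    """Constructed scenario: one 64-byte packet every 10 s for 2000 s, one alert at t=1000."""
    cap = AlertTriggeredCapture()
    for t in range(0, 2001, 10):
        pkt = struct.pack(">I", t).ljust(64, b"\x00")   # synthetic payload, not real traffic
        cap.ingest(float(t), pkt)
        if t == 1000:
            cap.alert(1000.0)
    return cap


if __name__ == "__main__":
    cap = simulate()
    pcap = to_pcap(cap.retained)
    print(f"retained {len(cap.retained)} packets, discarded {cap.dropped}, "
          f"{len(cap.buffer)} still buffered, pcap size {len(pcap)} bytes")
```

In the constructed run, the alert at t=1000 claims the 31 buffered packets from t=700 to t=1000, the 30 packets from t=1010 to t=1300 are retained as they arrive, and everything else is either discarded once it ages past the lookback window or still sits in the buffer waiting for a possible later alert. The lookback window bounds memory use regardless of traffic volume, which is the property that lets this design keep full packet detail around incidents without storing the whole stream.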

Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.
