Global Biopharmaceutical
Riverbed AppResponse to automate the process to preserve packet-based evidence associated with security events and streamline investigations.
Challenges
- Security team needed to retain long-term packet history to analyze security breeches
Benefits
- Improves the security team’s forensic recall
- Streamlines further security investigations
- Improves security posture
Overview
This global biopharmaceutical innovator deploys the entire Riverbed Unified Network Performance Management(NPM) solution—full-fidelity flow monitoring, packet capture, and infrastructure monitoring—because they understand the adage: You cannot manage what you can’t measure. They also support its corollary: You can’t secure what you cannot see. And that’s what we are exploring today.
Alluvio AppResponse packet capture and analysis provides valuable telemetry for both network and security operations teams. The network operations team might leverage its TCP metrics and Response Time Composition Chart to investigate reports of a slow application performance problem, while the security operations team can leverage packet data that AppResponse has stored to support a security investigation.
In most cases these warnings are stored and remain available for later investigation if further sleuthing is warranted. Unfortunately, many security incidents take weeks or even months to unfold, with attacker “dwell time” growing over the last few decades. Riverbed® AppResponse APIs allow for automatic creation of relevant PCAP (short for packet capture) files that match any event of interest. This means that a security operator will have all the relevant packets available for any event when the time comes to dig deeper. Even when the event was months in the past.
Solution
Ready to Get Started?
Reach the full potential of your digital investments with Riverbed
