Home > Overview > Network Forensics >

print

Cyber Security Attack Analysis

With the TimeLine network recorder, data is always available for reconstruction for easy analysis of cyber attacks and network security breaches.

Serious Cyber Security

Get the tools you need to analyze cyber attacks and network security breaches.

Between 2008 and 2009, reported cyberattacks on U.S. government computer networks climbed 40% and tracked accounts of unauthorized access to government computers and installations of hostile programs rose 140% (from 3,928 combined incidents in 2007 to 5,488 in 2008).

And attacks aren't limited to just the government sector. Cyber criminals can purchase access to botnets to steal data or worse. In June approximately 100,000 domains, including corporate domains from around the world were identified as part of the Golden Cash network.

Recently cyber criminals targeted South Korean and US government sites as well as popular social networking sites such as Twitter and Facebook, causing temporary outages. A 2009 Security Mega Trends Survey reported that 92% of respondents reported that their companies have had a cyber attack. As criminals get smarter and more savvy with their attacks, being able to detect and characterize attacks - whether they've just begun or occurred days ago - is crucial. Are you prepared?

All pertinent network traffic is collected in a single location, rather than scattered across the network. Data is captured in a common data format and does not need to be transferred or translated in any way for analysis. Using the network forensics data mining tools, security teams can reconstruct the sequence of events that occur at the time of a network breach or cyber attack and get the complete picture.

The NOC of a medium-sized online retailer suspected a network breach, and immediately contacted the Chief Security Officer. The CSO knew she must quickly determine:

• What damage has been done?
• Who was the intruder?
• How did the intruder penetrate our security?
• Did the intruder leave other dangers behind? Worms? Trojan horse?
• Did we collect sufficient data to analyze and reproduce the attack?

In the past when the CSO and her staff suspected that a breach had occurred, they found themselves having to collect diverse types of data, with different formats, from a multitude of sources such as firewall logs, router logs, Intrusion Detection Systems (IDS), server logs, hard drives and system dumps. This resulting hodge-podge of data could not be easily recompiled into a coherent picture, forcing the team had to take a guess about the breach.

Solution

Using the TimeLine network recorder, the CSO and her team were now able to capture, analyze and reconstruct the network traffic on demand. This examination of individual conversations and their component packets allowed the CSO to quickly reconstruct the sequence of events that were occurring during the time of the suspected network breach.