Platform for Incident and Breach Responders

PacketSled released a new incident response platform providing security professionals with insight to quickly identify attacker activity.

by Tom Smith
Mar. 24, 17 · News

PacketSled has released its Incident Response (IR) platform, a network visibility solution for incident responders. The PacketSled IR platform enables incident and breach response teams to quickly identify attacker activity by monitoring network traffic and performing advanced protocol analysis combined with sophisticated analytics.

The PacketSled platform provides network visibility from deep packet inspection, protocol dissection, ensemble detection methods, and behavioral analysis, with a visualization engine that gives first responders an intuitive and efficient view of network activity. This capability, combined with system automation and straightforward sensor deployment, is intended to let incident responders move from detection to action faster.

According to PacketSled CEO Fred Wilmot, the IR platform's sensor technology can be installed in minutes with no need for expensive and bulky appliances. "We set out to build a flexible network visibility platform that incident responders can deploy anywhere quickly. Today, we are enabling first responders with that capability, shortening the gap between compromise detection and response, and magnifying their capabilities in minutes," said Wilmot.

“PacketSled provides IR investigators with the ability to monitor suspicious traffic by creating individual cases within it. It also provides the ability to trigger specific packet captures if suspicious traffic is starting and stopping, as is often the case with malware,” said David Biser, Manager of the Critical Incident Response Team at NTT Security. “Rather than ‘speaking’ continually, most malware will be silent until it is time to ‘phone home.’ If identified, you can enable PacketSled to conduct a packet capture of specific traffic that frees an investigator to continue to investigate other suspicious events. We have found the new platform from PacketSled to be a tremendous asset for the work that we do.”

The PacketSled IR platform is not only extensible for IR toolchains; it is flexible in its deployment options as well. Most incident response teams will use the PacketSled Cloud platform. For cloud-averse, security-restricted, or classified environments, PacketSled provides a portable platform that can be shipped anywhere in the world.

In addition to fast and easy sensor deployment, IR teams can track and manage incident behavior through the PacketSled Case Manager. Once IR teams establish attack chain behavior, responders can persist that logic through PacketSled’s Incident Response Expert System (IRES). IRES allows responders to add network indicators of compromise (IOCs), behaviors, conditions, and patterns to a sensor with a few mouse clicks, leveraging MITRE’s ATT&CK framework. The Sensor Management Framework also allows responders to add custom intelligence feeds, including STIX objects for known campaign activity.

“If PacketSled were being used on the network prior to an incident it would provide those first responders with the ability to monitor, identify, and record suspicious events and traffic, which would then give the Incident Response analysts better ability to quickly identify the issue, mediate it, and stop the attack. In one incident, I found what appeared to be a brute force attack. This application was making multiple calls using SMB traffic that looked like an attempt to compromise a password. Once the behavior was identified through PacketSled’s platform, I was able to respond immediately and conduct a packet capture of specific traffic to collect artifacts and free me, as an investigator, to continue to explore other suspicious events,” added David Biser.
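The two behaviours Biser describes above (repeated SMB authentication attempts from one host, and scoping a follow-up packet capture to just the suspicious traffic) can be expressed as a small sliding-window detector. This is an added illustration, not PacketSled code; it assumes a constructed, simplified log line per SMB session-setup attempt of the form `ts src dst dport result`, and the 445/FAIL conventions, threshold and window are assumptions chosen for the example.

```python
"""Sliding-window detector for SMB brute-force behaviour in connection logs.

Added example, not PacketSled code. The log format is a constructed,
simplified "ts src dst dport result" line, one per SMB session-setup
attempt, with result FAIL or OK (an assumed export from protocol dissection).
"""
from collections import defaultdict, deque

# Constructed sample: 10.0.0.5 hammers the file server; 10.0.0.9 logs in normally.
SAMPLE_LOG = """\
1490300000 10.0.0.5 10.0.0.20 445 FAIL
1490300001 10.0.0.5 10.0.0.20 445 FAIL
1490300002 10.0.0.5 10.0.0.20 445 FAIL
1490300003 10.0.0.9 10.0.0.20 445 OK
1490300004 10.0.0.5 10.0.0.20 445 FAIL
1490300005 10.0.0.5 10.0.0.20 445 FAIL
1490300400 10.0.0.5 10.0.0.20 445 FAIL
"""

def parse_line(line):
    ts, src, dst, dport, result = line.split()
    return int(ts), src, dst, int(dport), result

def detect_smb_bruteforce(log_text, threshold=5, window=60):
    """Return {(src, dst): first_ts} for pairs with at least `threshold` SMB
    session-setup failures inside any `window`-second span; each pair once."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps of in-window failures
    alerts = {}
    for line in log_text.splitlines():
        ts, src, dst, dport, result = parse_line(line)
        if dport != 445 or result != "FAIL":
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and (src, dst) not in alerts:
            alerts[(src, dst)] = q[0]
    return alerts

def capture_filter(src, dst):
    """BPF filter that scopes a follow-up packet capture to the flagged pair,
    the kind of targeted capture the article describes."""
    return f"host {src} and host {dst} and tcp port 445"

if __name__ == "__main__":
    for (src, dst), first in detect_smb_bruteforce(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: SMB brute-force candidate since {first}; "
              f"capture filter: {capture_filter(src, dst)}")
```

The window bounds memory per source/destination pair and lets the detector forget a host whose failures are spread out, which is the distinction between a noisy client and a sustained attempt.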
