Savvius looks to help security teams with forensic investigations

Savvius, Inc. is looking to broaden its user base for OmniPeek 10, the company’s latest major update to its software for network performance diagnostics and troubleshooting, by appealing to security teams with features to help with their investigations.

“What we’re finding is it’s just not engineers anymore that want to do packet analysis,” said Savvius director of products Jay Botelho. “We’re definitely finding a growing percentage of people in security who want to do packet analysis.” This includes those brought in on contract to conduct a specific forensic investigation, he said.

The release of OmniPeek 10 marks the first time in recent years that Savvius has taken a new spin on the software, said Botelho, as it looks to provide a combination of tools that makes it useful for security investigations as well as for its traditional networking customer base. “Security features are important to network engineers too.”

The update includes some key features that focus on the needs of security professionals, he said, as packet data software has historically been awkward and time-consuming to use in a security investigation. OmniPeek 10 is designed to help both network and security professionals access the specific data they need.

Botelho said OmniPeek 10 provides the latter with a single tool with improved workflow for security investigations that helps them look at particular files. “They’re not entirely comfortable with packet analysis,” he said. “They don’t want to look at packets if they don’t have to.”

Instead, the software provides more metadata to solve problems and avoid manual protocol analysis where possible. One feature that supports this is the ability to open multiple large capture files simultaneously: packet files are filtered before they are loaded and analyzed, which reduces the data set and helps to speed up response times.

Another related feature in OmniPeek 10 is “View File Content,” which reconstructs files by extracting data from reassembled HTTP payloads to provide critical information about file content. Botelho said this enables security analysts to see exactly which files were transferred at a particular time between any users on the network; they can search reassembled packet payloads for any string, filter data by country, add as many custom decode columns as they require, and perform fast forensic searches. The streamlined user interface can now include security alerts from popular open-source IDS platforms such as Snort and Suricata.
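The article describes file reconstruction only in terms of what the feature does. As an added illustration, written for this page and not Savvius' code or a description of OmniPeek's internals, the Python below does the underlying work by hand: it reassembles a TCP stream from out-of-order and retransmitted segments, parses the HTTP response the stream carries, recovers the transferred file and its declared name, and searches the payload for a string. The segments, sequence numbers, headers and file contents are all constructed for the example. The handling of a missing segment (refuse to produce a file rather than silently return a corrupted one) is a design choice made here, which is the behaviour an analyst relying on reconstructed evidence would want.

```python
"""Reassemble an HTTP response from TCP segments and recover the transferred file.

Added example: constructed capture data, not OmniPeek code.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes  # segment payload as captured


def reassemble(segments: Iterable[Segment], isn: int) -> bytes:
    """Order segments by sequence number, drop retransmitted or overlapping
    bytes, and concatenate them. Stops at the first gap so a missing segment
    never yields a silently corrupted stream."""
    stream = bytearray()
    expected = isn
    for seg in sorted(segments, key=lambda s: s.seq):
        if seg.seq + len(seg.payload) <= expected:
            continue            # pure retransmission of data already present
        if seg.seq > expected:
            break               # gap: a segment was lost or not captured
        overlap = expected - seg.seq
        stream += seg.payload[overlap:]
        expected += len(seg.payload) - overlap
    return bytes(stream)


def extract_http_body(stream: bytes) -> tuple[dict[str, str], bytes]:
    """Split an HTTP/1.1 response into a header dict and the exact body
    declared by Content-Length. Raises ValueError if either is incomplete."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header")
    headers: dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    length = int(headers.get("content-length", len(rest)))
    body = rest[:length]
    if len(body) < length:
        raise ValueError("truncated HTTP body")
    return headers, body


def filename_from_disposition(value: str) -> str:
    """Pull the filename out of 'attachment; filename="x"'; '' if absent."""
    for part in value.split(";"):
        part = part.strip()
        if part.lower().startswith("filename="):
            return part[len("filename="):].strip().strip('"')
    return ""


def reconstruct_file(capture: Iterable[Segment], isn: int) -> Optional[tuple[str, bytes]]:
    """Return (filename, contents) for the file carried in the stream, or None
    when the capture does not contain the whole transfer."""
    try:
        headers, body = extract_http_body(reassemble(capture, isn))
    except ValueError:
        return None
    return filename_from_disposition(headers.get("content-disposition", "")), body


def search(body: bytes, needle: bytes) -> list[int]:
    """Offsets of every occurrence of needle in the reconstructed payload."""
    hits, pos = [], body.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = body.find(needle, pos + 1)
    return hits


# --- constructed sample capture -------------------------------------------
BODY = b"CONFIDENTIAL: Q3 budget draft\nowner=finance\nstatus=not-for-release\n"
RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b'Content-Disposition: attachment; filename="q3-budget.txt"\r\n'
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY
)
ISN = 1000
SEGMENTS = [Segment(ISN + i, RESPONSE[i:i + 40]) for i in range(0, len(RESPONSE), 40)]
# Delivered out of order, with segment 1 retransmitted once.
CAPTURE = [SEGMENTS[2], SEGMENTS[0], SEGMENTS[1], SEGMENTS[1]] + SEGMENTS[3:]
# Same capture with segment 1 missing entirely.
CAPTURE_WITH_GAP = [s for s in CAPTURE if s.seq != ISN + 40]

if __name__ == "__main__":
    name, data = reconstruct_file(CAPTURE, ISN)
    print(f"{name}: {len(data)} bytes, 'finance' at offsets {search(data, b'finance')}")
    print("gap capture ->", reconstruct_file(CAPTURE_WITH_GAP, ISN))
```

The search runs over the reassembled payload, not over individual packets, which is why a string split across two segments is still found; the same reassembly step is what makes per-packet grep unreliable for evidence work.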

OmniPeek also works with Savvius’ appliances, notifying administrators via syslog and e-mail if an Omnipliance drive goes down or a network capture stops. “Customers are relying on our appliance to capture packet data,” Botelho said. “They expect the packets to be there.”

The updates in OmniPeek 10 are also about getting security experts and network engineers working together, he added. “The security [professional] may not be completely comfortable with this type of investigation, and it allows network people to be more helpful.”

Early this year, Savvius released version 9.1 of OmniPeek to better support real-time as well as forensic analysis.

Jim Love, Chief Content Officer, IT World Canada

Gary Hilson
Gary Hilson is a Toronto-based freelance writer who has written thousands of words for print and pixel in publications across North America. His areas of interest and expertise include software, enterprise and networking technology, memory systems, green energy, sustainable transportation, and research and education. His articles have been published by EE Times, SolarEnergy.Net, Network Computing, InformationWeek, Computing Canada, Computer Dealer News, Toronto Business Times and the Ottawa Citizen, among others.
