
Packet capture analysis












PCAP Enables Defenders to See and Capture Exactly What Has Happened Across a Network, But Comes With Challenges

PCAP, or full packet data capture for analysis, does what it says – it captures the entirety of every packet that comprises the network traffic (both metadata and content). If something happens on the network, PCAP knows about it.

Whether it is malware moving data around, or staff arranging a private party, it can be captured and then analyzed. PCAP provides what CISOs seek but rarely achieve – total visibility into the network. The security potential for this type of traffic monitoring is clear, and probably explains the motivation for a number of U.S. federal agencies investigating their options.

Toward the end of 2020, in the first flush of the SolarWinds debacle, the DHS, the Department of State, Aberdeen Proving Grounds, the U.S. Marine Corps (USMC), and the Missile Defense Agency (MDA) all issued requests for proposals (RFPs) and requests for information (RFIs) for PCAP solutions. The Homeland Security Department’s Enterprise Security Operations Center stated that it considered “Full Packet Capture a cornerstone of the cyber security visibility stack enabling analysts to perform investigation analysis while also satisfying DHS security requirements.” This sudden rush to PCAP poses a couple of obvious questions.













