AccessData

SilentRunner

SilentRunner® enables you to answer the difficult question of "What happened?" in the aftermath of a security incident by tackling the complicated tasks of capturing, analyzing and visualizing network data. It is a passive network monitoring solution that visualizes network activity by creating a dynamic picture of communication flows, swiftly uncovering break-in attempts, weaknesses, abnormal usage, policy violations and misuse, and anomalies before, during and after an incident. Operating like a surveillance camera, SilentRunner can play back events from thousands of communications to validate system threats and investigate security breaches. This dramatically enhances your ability to identify offenders, determine root cause, and mitigate the recurrence of the same security incident. In addition, it helps monitor infractions of regulatory controls and policy violations, providing supporting reports for auditing requirements and contributing to your ability to demonstrate compliance.

Product Features

Real-Time Network Capture and Visualization

  • SilentRunner promiscuously monitors and records network traffic in all seven layers of the Open Systems Interconnection stack.
  • Monitors more than 1,500 protocols and services out of the box.
  • Advanced visualization tools allow you to create a picture of communication flows to swiftly expose anomalies, illegal connections and security and network problems.
  • Real-time network data is stored in a central database that can be queried.
  • Using interactive graphical representations illustrating propagation, you can efficiently analyze users, hosts, domains, applications, protocols and addresses — detecting changes or abnormalities from established network baselines.
  • Capture and analyze wireless Ethernet 802.11b and 802.11g.

Pattern and Content Analysis

  • Determine the root cause of a security breach or quickly distinguish between diversionary and truly malicious incidents.
  • Build “integrated maps” of certain assets or users — such as after-hours usage spikes, and mapping of virus and worm proliferation.
  • Independent of keyword or linguistic matching, you can determine how proprietary or inappropriate information proliferated from code servers, HR or financial databases, R&D labs and others.

Forensic Analysis and On-Demand Incident Playback

  • SilentRunner stores and catalogs network data in a central repository, allowing you to play back the exact sequence of events and helping to ensure effective and accurate investigations.
  • Directly visualize audit logs and alerts, and correlate actual network traffic to provide a complete picture of activity around the time a suspicious event occurred.
  • Conduct post-event analysis and reconstruct events in their exact sequence to immediately uncover the source of an incident.
    • SilentRunner maintains a millisecond clock to record packet timing.
    • Quickly determine communication precedent and data proliferation.

Flexible Architecture

  • Leverage distributed monitoring to gain visibility into multiple network segments at once and correlate network data across the enterprise.
  • SilentRunner supports both centralized and distributed database architectures to provide quick and efficient data analysis.
  • Mobile deployments support local policy audits and investigations.

Data Management and System Availability

  • SilentRunner checks its internal self-health status to ensure healthy operation. With its “self-healing” capability, it will automatically restart failed services without user intervention to reduce downtime.
  • Configure SilentRunner with several data retention options, defining the length of time that data will be retained and active in the database.