SilentRunner® Sentinel network forensics software is like having a surveillance camera on your network.
Operating like a network surveillance camera, SilentRunner Sentinel allows you to monitor, capture, analyze and graphically visualize network traffic to see exactly what is happening on your network during a proactive audit or cyber investigation. By watching network communications from a high level, you uncover patterns and communication paths that allow you to zero in on suspicious activity, such as policy violations, internal collusion, bandwidth overuse, and questionable in- or outbound connections. Furthermore, the visibility gained by using SilentRunner Sentinel enables you to clearly determine the scope and scale of a security breach, as well as proactively identify weaknesses in your security configurations. In addition, you can play back events from thousands of communications to validate a threat and perform root cause analysis. SilentRunner Sentinel dramatically enhances your incident detection and response capabilities, giving you the power to see what your signature-based tools cannot.
Detect what Signature-based Tools Can’t See
SilentRunner graphically illustrates communication flows to swiftly expose anomalies, illegal connections, and security and network problems. The time sequencing function allows you to identify network communication “habits”, anomalies and specific events. Being able to see these anomalies is a must-have for detecting malware, malicious insiders and advanced persistent threats that have circumvented your perimeter defense and alerting tools.
Catch What DLPs Miss
When anomalies are identified, you can drill down into the content to see exactly what is happening, for example credit card numbers being chatted outside the network or somebody visiting unauthorized websites.
Root Cause Analysis
Reconstruct events, playing back incidents in real time to determine the origin of a threat, see how it is propagating and quickly identify all compromised assets.
Network Compliance Auditing
Proactively perform network compliance audits to facilitate compliance with regulations such as FISMA, HIPAA, ISO 1779, SOX/GLB, and PCI standards.
Monitor Laptops, Even When They Aren’t Logged into Organization’s Network
With typical network forensics tools, once a laptop leaves the organization’s network, you’re blind. But SilentRunner now has a host-based analysis capability that allows you to monitor traveling employees’ internet activity, even if they are using their company laptop on public Wi-Fi.
Network Forensics Software for Real-Time Capture and Visualization
- High-performance collection at network speeds up to 10 Gbps.
- Real-time network data is recorded into a central knowledge base that can be queried.
- Load custom filters, for example, an Excel spreadsheet with 2000 IP addresses.
- Web reconstruction reporting: keyword searches, file transfers, video files and more, within captured Web traffic.
- See internet activity, even on assets that are not logged into your network.
- Play back captured VoIP calls in seconds.
- Build threat profiles to monitor for recurrence of known threats.
- Receive real-time email alerts.
- Automatically restarts failed services without user intervention to reduce downtime.
- Several data retention options to define the length of time that data will be retained and active in the database.
Correlate Network Traffic with Event Logs and Alerts
Visualize firewall events, logs from alerting technologies and pertinent network data surrounding a suspicious incident to validate the threat and perform root cause analysis.
Content and Pattern Analysis
- Determine the exact behavior of a suspect by viewing their network usage patterns and which content they’re accessing.
- Build “integrated maps” of assets or users to see after-hours usage spikes and anomalous data traffic to identify malware, malicious insiders and advanced exploits that cannot be seen by signature-based perimeter defense and alerting tools.
- See how proprietary or inappropriate information proliferated independent of keyword or linguistic matching.
- Use interactive graphical representations to efficiently analyze users, hosts, domains, applications, protocols and addresses, detecting changes or abnormalities from established network baselines.
On-demand Security Incident Playback and Analysis
SilentRunner Sentinel stores and catalogs network data into a central repository, allowing you to play back the exact sequence of events to ensure effective and accurate investigations.