Scalability issues: Today’s network traffic speeds at 40 and 100 Gbps and double-digit annual traffic growth challenges those architectures, leading to racks of equipment to distribute and analyze the traffic load for capture.
Slow data access: This negatively impacts capture performance. Today’s packet capture products are unable to read and write concurrently. If the user tries to access a large amount of data on disk, packets on the capture site may be dropped due to resource constraints, creating gaps in the network data captured, impacting intrusion detection and analysis.
Limited resource: Because of these limitations, packet capture solutions are often a scares resource in most organization, leading to limited and reactive deployments, often initiated after an intrusion is detected. This adds further complexity as deployments and configurations are complex, events need to happen again to be captured.