Strategy, Threat intelligence

Full packet capture and analysis can help fight APTs and zero-day attacks

May 3, 2021
The Kimsuky APT group from North Korea was the focus of a warning by the federal government last fall. Today’s columnist, Jeremy Leasher of Axellio, writes that packet capture and analysis (PCAP) can help security teams combat APTs. Photo by Roman Harak is licensed under CC BY-SA 2.0
  • Scalability issues: Today’s network traffic speeds of 40 and 100 Gbps, combined with double-digit annual traffic growth, challenge those architectures, leading to racks of equipment needed to distribute and analyze the traffic load for capture.
  • Slow data access: This negatively impacts capture performance. Today’s packet capture products are unable to read and write concurrently. If the user tries to access a large amount of data on disk, packets at the capture site may be dropped due to resource constraints, creating gaps in the captured network data and impairing intrusion detection and analysis.
  • Limited resource: Because of these limitations, packet capture solutions are often a scarce resource in most organizations, leading to limited and reactive deployments, often initiated only after an intrusion is detected. This adds further complexity: deployments and configurations are complex, and events need to happen again before they can be captured.
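The second bullet describes a silent failure mode: packets dropped at the capture site leave holes in the recording that an analyst may not notice until a timeline does not add up. One defender-side check is to scan a capture file for inter-packet time gaps that exceed what the monitored link should ever show. The following Python is an added example written for this column, not a tool from the author or from Axellio; it builds a small classic pcap file in memory (constructed sample data, not real traffic), parses the global and per-record headers with the standard library only, and reports every gap above a caller-chosen threshold.

```python
import struct
from typing import Iterator, List, Tuple

# Classic (libpcap) file format, little-endian, microsecond timestamps.
PCAP_MAGIC_USEC = 0xA1B2C3D4
GLOBAL_HEADER = "<IHHiIII"   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HEADER = "<IIII"      # ts_sec, ts_usec, incl_len, orig_len


def build_pcap(timestamps_us: List[int], payload: bytes = b"\x00" * 60) -> bytes:
    """Construct a minimal pcap byte string for this example (sample data, not real traffic)."""
    out = struct.pack(GLOBAL_HEADER, PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for ts in timestamps_us:
        sec, usec = divmod(ts, 1_000_000)
        out += struct.pack(RECORD_HEADER, sec, usec, len(payload), len(payload)) + payload
    return out


def iter_packet_times(pcap: bytes) -> Iterator[int]:
    """Yield each packet's timestamp in microseconds, validating record boundaries."""
    if len(pcap) < struct.calcsize(GLOBAL_HEADER):
        raise ValueError("file shorter than pcap global header")
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC_USEC:
        raise ValueError("unsupported pcap magic %#x (only little-endian usec pcap handled)" % magic)
    off = struct.calcsize(GLOBAL_HEADER)
    rec_size = struct.calcsize(RECORD_HEADER)
    while off + rec_size <= len(pcap):
        sec, usec, incl_len, _orig_len = struct.unpack_from(RECORD_HEADER, pcap, off)
        off += rec_size + incl_len
        if off > len(pcap):
            # A truncated last record is itself a sign the capture was cut short.
            raise ValueError("truncated packet record at offset %d" % (off - rec_size - incl_len))
        yield sec * 1_000_000 + usec


def find_capture_gaps(pcap: bytes, max_gap_us: int) -> List[Tuple[int, int, int]]:
    """Return (previous_ts, next_ts, gap_us) for every inter-packet gap above max_gap_us."""
    gaps: List[Tuple[int, int, int]] = []
    prev = None
    for ts in iter_packet_times(pcap):
        if prev is not None and ts - prev > max_gap_us:
            gaps.append((prev, ts, ts - prev))
        prev = ts
    return gaps


def summarize(pcap: bytes, max_gap_us: int) -> str:
    """Human-readable report of suspected capture holes."""
    gaps = find_capture_gaps(pcap, max_gap_us)
    if not gaps:
        return "no gaps above %d us" % max_gap_us
    lines = ["%d suspected capture hole(s):" % len(gaps)]
    for prev, nxt, gap in gaps:
        lines.append("  %.6f s -> %.6f s  (missing %.3f s)" % (prev / 1e6, nxt / 1e6, gap / 1e6))
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: steady 1 ms traffic, then a three-second hole (assumed drop), then traffic resumes.
    sample = build_pcap([0, 1_000, 2_000, 3_000_000, 3_001_000])
    print(summarize(sample, max_gap_us=100_000))
```

A gap in timestamps cannot by itself distinguish a dropped-packet hole from a link that was genuinely idle, so the threshold should be set from the link's known minimum traffic level (on a busy monitored segment, even a fraction of a second of silence is suspicious). Treat this as a cross-check alongside the capture tool's own drop counters, which the column's point about concurrent read/write contention makes the primary thing to watch.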