Vendor: PacketSled

Flagship product: PacketSled Cloud

Cost: Varies based on observed traffic and forensic retention. Small instances can start at $1K per month.

Innovation: Large-scale integration of all types of relevant data that can assist in managing attacks in a cloud environment.

Greatest strength: Understanding of the types of analytics needed to address complex attack tactics, techniques and procedures, and making those analytics available to less skilled users. Long-term data storage allowing retrospective analysis of past events in light of new information.

PacketSled

PacketSled is a cloud-based, real-time breach detection and network forensics vendor. The company's product is focused on finding complex attacks at all layers of the network stack and providing forensic evidence of advanced attacks. It aggregates intelligence about threat actors and builds correlated attack chain models that can be leveraged across a large-scale datastore.

The company was started because the founders perceived serious gaps in the information security marketplace, including packet capture for forensic analysis, scalability and usability. They believed that everyone needs the ability to dive into the problem, while recognizing that smaller companies cannot afford the tools and specialists necessary to achieve good results in complicated situations. Their solution was to develop a cloud platform so that a company of any size can engage potential attacks at the enterprise level. One of the Innovators in the company told us, “Everybody should have the ability to protect themselves from the bad guys and benefit from the technology.” A larger company would otherwise have to buy a large system and manage it, which can be difficult; for a small company, it likely would be prohibitive. Like many security vendors, PacketSled is looking at the Internet of Things, “because the only truth is in the packet.”

The cloud model lowers the cost of digital forensic incident response. Traditional technology, this Innovator believes, does not enable everybody.

PacketSled uses a correlated attack model: an information model that supports ad hoc queries over large volumes of data, with no limitations on what can be searched. The company also has a new behavioral model in development.

This Innovator sees visualization as an important part of addressing a major problem: only a very limited number of people are cybersecurity experts. Many of the people doing incident response, forensics, security operations center analysis and similar work may not have deep knowledge and experience. Giving them advanced tools that do much of the heavy lifting both enables them to do the job and builds hands-on experience that serves as training for their careers. Also, in managing security incidents, speed counts. PacketSled provides easy, fast understanding that allows analysts to pick useful information out of the noise. More of that will come when PacketSled introduces its behavioral modeling.