It can take weeks to months to detect that a cybersecurity breach has occurred, and according to Verizon’s 2014 Data Breach Investigations Report, that gap is widening. Quantum has announced a joint offering with FireEye to help government agencies address the challenge of storing growing volumes of network traffic in order to pinpoint where, when and how a breach occurred, even if it occurred months ago.
“We know today the overwhelming majority of organizations have some malicious code in their networks,” says Tim Sullivan, vice president, Enterprise Forensics, FireEye. The offering will provide security teams with a detailed forensic report to speed up the investigation process.
By allowing organizations to store network forensic data longer and examine it faster, the joint offering will provide government agencies with a new tool in their cyber defense arsenal. Threat groups are active in an organization’s network for a median of 229 days, and conducting incident response can involve costly forensic analysis of disparate log files and network data to determine the extent of the breach.
In certain instances, organizations without robust network forensics may never fully know what data left the network, how they were compromised, or whether they have fully removed the threat actor.
The joint FireEye-Quantum solution utilizes the FireEye Network Forensics Platform to capture, index and store connection and packet information at up to 30 million packets per second. Examining full packet data allows investigators to understand attackers’ tools, techniques and procedures, enabling them to improve their network defenses and assist others via threat intelligence sharing.
According to the Ponemon Institute, incident response takes approximately four months, on average, to resolve an attack. In some cases, major breaches have cost public sector IT professionals their jobs. As these attacks become more frequent, all levels of government are working through how to improve security. High-speed indexing and storage, the companies say, can be tools to work through the security audit process.