Enterprise-Scale Solution Improves Network Forensics

AccessData announced the release of SilentRunner Sentinel, a next-generation network forensics solution engineered to deliver large-scale security functionality. SilentRunner Sentinel enables the forensic collection of network data at full gigabit line speed. The original SilentRunner product, which collects network traffic at 100 Mbit/s, will remain available. SilentRunner Sentinel is designed to deliver true enterprise security capabilities: monitoring, capturing and analyzing network traffic at scale.

AccessData SilentRunner Sentinel is designed to offer powerful pattern and content analytics, full packet capture and reassembly, on-demand incident playback, an easy-to-use interface, and the ability to visualize network traffic. According to AccessData, the solution gives organizations a view into their network that no other product can. SilentRunner Sentinel is designed to enable the capture and analysis of both network data and host-based data for a 360-degree approach to incident response and digital investigations.

“SilentRunner Sentinel is the enterprise network forensics piece of Access Data’s solution portfolio, and with it, organizations can zero in on even the most sophisticated exploits perpetrated by malicious insiders and skilled hackers,” says Jason Mical, Director of Network Forensics.

To ensure the robust functionality of SilentRunner Sentinel, AccessData delivers its Sentinel collectors preconfigured on Dell PowerEdge R900 hardware. As Dell's most powerful Intel-based server, the enterprise-class, rack-optimized PowerEdge R900 offers high performance, scalability, system availability and I/O expandability.

Features of AccessData SilentRunner Sentinel:

  • Capture of network traffic at full gigabit line speeds
  • Web-based interface for centralized command and control of the collection engines
  • Unlimited session content capture
  • Dynamic protocol/service identification: collections are no longer port-based but are identified dynamically from the packet information
  • Simplified architecture, so that significantly less hardware is required for network deployments
  • Red Hat Linux-based collection platform, for a significantly more stable operating system and a guarantee of complete packet captures
  • Integration with and optimization for Oracle 11g, for powerful processing and indexing and faster insertion and extraction of data
  • Improved query speed for VoIP, e-mail and web-based reporting
  • Appliance-based collectors running on Dell PowerEdge R900 servers, a plug-and-play appliance for easy deployment and configuration
  • Scheduled tcpdump captures with immediate hashing of the output files to ensure forensic integrity, which is useful for lawful interception at ISPs

(Source: AccessData/GST)
