Trellix Network Forensics
Minimize the impact of network attacks with high-performance packet capture and investigation analysis.
Your organization needs early incident detection and swift investigation to determine scope and impact, effectively contain threats, and resecure your network.
Trellix Network Forensics pairs the industry’s fastest lossless network data capture and retrieval solution with centralized analysis and visualization. It accelerates the network forensics process with a single workbench that simplifies investigations and reduces risk.
Network Forensics allows you to identify and resolve security incidents faster by capturing and indexing full packets at high speeds. With Network Forensics, you can detect a broad range of security incidents, improve your response quality, and precisely quantify the impact of each incident.
Part of Network Forensics, investigation analysis appliances reveal hidden threats and accelerate incident response by adding a centralized workbench with an easy-to-use analytical interface.
Analysts can review specific network packets and sessions before, during, and after an attack. By reconstructing and visualizing the events triggering malware download or callback, your security team can respond effectively and swiftly to prevent recurrence. They can also expand visibility into attacker activity by decoding protocols typically used to laterally spread attacks in a network.
This unique combination of high-performance packet capture and in-depth analytics helps your organization quickly recognize and monitor every element of an attack.
Packet Capture Appliances
Next-Generation Packet Capture Appliances
Virtual Appliances
Benefits
- Conduct Effective Threat Investigations
Detect a broad range of security incidents, improve your response quality, and precisely quantify the impact of each incident.
- Reconstruct the Cyber Attack Kill Chain
Reveal hidden threats and accelerate incident response by reviewing specific network packets and sessions before, during, and after an attack.
- Reduce the Mean Time to Detect and Respond
Accelerate the network forensics process with a single workbench that simplifies investigations and remediates attacks.
Features
Capture Vital Data To Detect Breaches Faster
Capture and index network packets with time stamping and connection attributes at recording speeds up to 20 Gbps.
Aggregate IOC Data from Multiple Tools
Consolidate alerts from other Trellix and third-party products along with all network metadata in a single workbench with immediate “one click” pivot to session data.
Centralize Visibility of Threat Data
View and share specific network metadata and activity through easy-to-create custom dashboards and search web, email, FTP, DNS, chat, SSL connection details, and file attachments.
Execute Threat Hunting Tactics
Hunt for anomalies or malicious, suspicious, or risky activities that may have evaded detection by your existing tools.
Get Results Fast
Search and retrieve target connections and packets quickly and conduct centralized application-level keyword, regex, and wildcard queries across all alerts, captured flow, and metadata.
Support Evolving Architectures
Scale deployments across premises, hybrid and cloud environments to meet distributed and large enterprise requirements.
Get to know the Trellix Ecosystem
The Trellix Platform learns and adapts for living protection while delivering native and open connections and providing expert and embedded support for your team.