Trellix PX 2060ESS-96
Packet Capture 2U Appliance

Overview

The Trellix PX 2060ESS-96 is a powerful forensics tool that continuously captures packets at a high rate of speed without loss. It enables packet search and retrieval in minutes using an intelligent real-time indexing method.

Network Forensics

Your organization needs early incident detection and swift investigation to determine scope and impact, effectively contain threats, and resecure your network.

Trellix Network Forensics pairs the industry’s fastest lossless network data capture and retrieval solution with centralized analysis and visualization. It accelerates the network forensics process with a single workbench that simplifies investigations and reduces risk.

Network Forensics allows you to identify and resolve security incidents faster by capturing and indexing full packets at high speeds. With Network Forensics, you can detect a broad range of security incidents, improve your response quality, and precisely quantify the impact of each incident.

Part of Network Forensics, investigation analysis appliances reveal hidden threats and accelerate incident response by adding a centralized workbench with an easy-to-use analytical interface.

Analysts can review specific network packets and sessions before, during, and after an attack. By reconstructing and visualizing the events triggering malware download or callback, your security team can respond effectively and swiftly to prevent recurrence. They can also expand visibility into attacker activity by decoding protocols typically used to laterally spread attacks in a network.

This unique combination of high-performance packet capture and in-depth analytics helps your organization quickly recognize and monitor every element of an attack.

Packet Capture Highlights

• High performance: Continuous lossless packet capture with time stamping at recording speeds up to 20 Gbps
• High fidelity: Real-time indexing of all captured packets using time stamp and connection attributes; export of flow index and connection metadata in JSON format; flow index can be converted to NetFlow v9, IPFIX, and SiLK Data formats
• Fast results: Ultrafast search and retrieval of target connections and packets using patented indexing architecture
• Rich context: Web-based, drill-down GUI for search and inspection of packets, connections, and sessions
• Extensive visibility: Session decoder support to view and search web, email, FTP, DNS, chat, SSL connection details, and file attachments
• Intelligent capture: Selective filtering of captured traffic to eliminate streaming video, large file transfers, encrypted payloads, and more
• Improved efficiencies: Automated processes to identify data theft, using proprietary algorithms to diagnose potentially anomalous network behavior

Features

Capture Vital Data To Detect Breaches Faster

Capture and index network packets with time stamping and connection attributes at recording speeds up to 20 Gbps.

Aggregate IOC Data from Multiple Tools

Consolidate alerts from other Trellix and third-party products along with all network metadata in a single workbench with immediate “one click” pivot to session data.

Centralize Visibility of Threat Data

View and share specific network metadata and activity through easy-to-create custom dashboards and search web, email, FTP, DNS, chat, SSL connection details, and file attachments.

Execute Threat Hunting Tactics

Hunt for anomalies or malicious, suspicious, or risky activities that may have evaded detection by your existing tools.

Get Results Fast

Search and retrieve target connections and packets quickly and conduct centralized application-level keyword, regex, and wildcard queries across all alerts, captured flow, and metadata.

Support Evolving Architectures

Scale deployments across premises, hybrid and cloud environments to meet distributed and large enterprise requirements.

Benefits

Conduct Effective Threat Investigations

Detect a broad range of security incidents, improve your response quality, and precisely quantify the impact of each incident.

Reconstruct the Cyber Attack Kill Chain

Reveal hidden threats and accelerate incident response by reviewing specific network packets and sessions before, during, and after an attack.

Reduce the Mean Time to Detect and Respond

Accelerate the network forensics process with a single workbench that simplifies investigations and remediates attacks.

Specifications

Documentation

Download the Trellix Network Forensics Datasheet (.PDF)