Case Study

Automating Incident Response with Alluvio AppResponse


Security warnings, such as those from an intrusion detection system or a log-based alerting system, do not always immediately rise to the level of an incident. In most cases these warnings are stored and remain available for later investigation if further sleuthing is warranted. Unfortunately, many security incidents take weeks or even months to unfold, with attacker “dwell time” growing over the last few decades.

Riverbed® AppResponse APIs allow for automatic creation of relevant PCAP (short for packet capture) files that match any event of interest. This means that a security operator will have all the relevant packets available for any event when the time comes to dig deeper, even when the event was months in the past.

Background

This global biopharmaceutical
