Savvius™, Inc., a leader in packet intelligence solutions for security investigations and network performance diagnostics, today announced that Savvius Vigil™, a high-performance network traffic analytics appliance that uses alerts from IDS/IPS/SIEM devices to automate the collection of packet data for security incidents, now integrates more deeply with Cisco FirePOWER® NGIPS. Organizations using both products can now investigate and respond to security alerts directly from the FirePOWER user interface, with immediate access to the packet data captured by Vigil. This increases the number of alerts that can be successfully investigated, making the security team more efficient and reducing the likelihood of a security breach.
When an alert is triggered in FirePOWER, the Savvius Vigil appliance captures the specific network traffic that caused the alert. Uniquely, Vigil stores network traffic data from five minutes before to five minutes after the alert was triggered. That information, critical to effective investigations, is now available directly through a link in the FirePOWER UI. Investigating the alert simply requires clicking the link and downloading the network packet file for analysis with Savvius Omnipeek network analysis software or any other network forensics solution. Before this integration, users wanting to investigate a particular event had to leave the FirePOWER interface and manually search for the relevant packets in Vigil using the alert information provided by FirePOWER.
“Most enterprises are overwhelmed by security alerts, leading them to investigate and respond to fewer than five percent of them on average. This leaves a broad path for potential attackers and increases risk,” said Mandana Javaheri, chief technology officer at Savvius. “Making packet data easily accessible in FirePOWER’s UI helps users rapidly identify false positives, greatly speeding up investigations while reducing the possibility of a malicious attack slipping through uninvestigated.”
Savvius Vigil can capture and store the “packet environments” of hundreds, even thousands, of security alerts every day, and make them available for months or longer. If a breach is discovered at a later date, network security professionals will still have the relevant packets on hand. Savvius Vigil includes Savvius Omnipeek software, giving the appliance powerful search capabilities to filter the packets associated with specific alerts and allowing investigators to easily examine the packet payloads and the details of network conversations that security investigations require. This greatly reduces the time required to find the root cause and enhances the team’s ability to minimize Mean Time to Resolution (MTTR) for alert and breach investigations.
A demo of Savvius Vigil’s integration with Cisco FirePOWER will be on display at Cisco Live! Las Vegas, July 11-13, booth #3151. Please contact Savvius for more details.