News
PacketSled Introduces Global Platform for Incident and Breach Responders
March 2017 by Emmanuelle Lamandé
PacketSled announced the release of its network visibility
solution targeted for incident responders. The PacketSled IR platform enables
incident and breach response teams to quickly identify attacker activity by
monitoring network traffic, enriching threat context, and performing sophisticated
analytics based on advanced protocol analysis gathered from the network.
The PacketSled platform weaponizes network visibility from deep packet inspection,
protocol dissection, ensemble detection methods, and behavioral analysis with a
visualization engine that provides first responders with an intuitive and efficient
view of network activity. This capability combined with expert system automation and
the ease of sensor implementation is critically valuable to incident responders.
The PacketSled IR platform is not just extensible for IR tool chain integration, it
is flexible in deployment options as well. Most incident response teams will take
advantage of the PacketSled Cloud platform. However, for cloud-averse,
security-restricted or classified environments, PacketSled provides a portable
platform that can be shipped anywhere around the world.
In addition to fast and easy sensor deployment, IR teams can track and manage
incident behavior through PacketSled Case Manager. Once IR teams find an attack
behavior, responders can persist that logic through PacketSled’s Incident Response
Expert System (IRES). IRES allows responders to add network indicators of compromise
(IOC’s), behaviors, conditions and patterns with a few mouse clicks, leveraging
MITRE’s ATT&CK framework. The Sensor Management Framework also allows responders to
add custom intelligence feeds, including STIX objects for known campaign activity.
