Defense Contractor Relies on PacketSled for Automated Network Security Visibility

Summary

The Information Security Team of a Defense Contractor with a nationwide and worldwide presence selected PacketSled as a core tool to increase visibility and significantly improve the IT security defenses that safeguard its networks and development environments.

The Challenge

The company values cybersecurity solutions that provide constant monitoring against new security vulnerabilities and exploitation techniques. Constant vigilance in these environments and a solution that could demonstrate immediate value to the company were vital.

IT Security Team Goals:

  • Continuously monitor, investigate, and react to security events in real-time
  • Identify advanced nation-state malware, phishing, and network attacks in multiple geographic locations
  • Combine full packet capture with threat intelligence across diverse environments without a substantial investment in new infrastructure or a large learning curve.

PacketSled’s Solution

PacketSled was able to provide a solution that met the company’s goals. The company’s IT Security Manager characterized the PacketSled solution as essential, especially when high-risk threats are imminent and time is of the essence.

"It was a snap to deploy PacketSled within our environment and we quickly realized its value.  PacketSled provides robust network traffic context combined with an intuitive interface and fast search/pivot capability, all without the overhead and high cost of classic full packet capture solutions."

IT Security Manager

With PacketSled the company’s Security team:

  • Uncovered hidden attack signals.
  • Improved network context for the threat hunting and anomaly detection processes.
  • Utilized interactive visualizations and pivoting capabilities to provide meaningful situational awareness during incident response.
  • Improved east/west network traffic visibility and security monitoring on internal segments.
  • Quickly retrieved historical network data during incident response exercises.
  • Automatically checked traffic against built-in, open source, and custom detection signatures.

The company’s IT Security Manager shared the impact of PacketSled on their Security Operations: “PacketSled’s unique approach to network security and visibility empowered us to improve our incident response times, threat identification capabilities, and network traffic understanding.”

About PacketSled

PacketSled automates incident response by fusing business context, AI, entity enrichment and detection with network visibility. Used for real-time analysis and response, PacketSled’s platform leverages continuous stream monitoring and retrospection to provide network forensics and security analytics. PacketSled is used by breach response teams worldwide. Security analysts and SOC teams can integrate PacketSled’s deep network context into their playbooks and SIEMs, or use it by itself, to dramatically reduce the investigation time, cost and expertise required to respond to persistent threats, malware, insider attacks, and nation state espionage efforts. The company has been named an innovator in leading publications and by security analysts, including SC Magazine, earning a perfect score in the online fraud group test. PacketSled is headquartered in San Diego, with offices in Seattle, WA.

“It is our honor to work with organizations and their capable network security teams, who provide services and products that aid in our nation's defense. We will continue to enhance our offerings and expand on our joint mission to preserve and protect America's resources.”

Igor Mezic

Chief of Science at PacketSled