

I want to capture and retain that data for 30 days to give our security team time to detect an incident and then look back to understand not only what happened during that incident, but also the events leading up to and setting the stage for that particular incident. We have a network with an average of 1 Gbps of data. So how much storage is needed? Let’s assume we capture 100 percent of the network traffic in the following scenarios:

Scenario One: One Network, 1 Gbps of Data

Storage costs scale based on the amount of data traversing the network and the length of time for which that data must be retained. Not surprisingly, one of the challenges of full packet capture is the amount of data storage required. But is it worth the investment?

How Much Data Storage Do You Need?

Packet capture certainly isn’t new, and more companies are seeing the value in capturing full packet data. So it really becomes a matter of capturing that data so that it can be recalled and investigated forensically, and the root cause of the breach determined.
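The sizing question above (an average of 1 Gbps, 100 percent capture, 30 days of retention) can be worked through as follows. This is an added example, not code from the original article; it assumes decimal units (1 TB = 10^12 bytes), and the function names and the 800-byte mean packet size are illustrative assumptions. The 16-byte figure is the per-packet record header of the classic libpcap file format.

```python
"""Added sizing example for full packet capture retention (not from the article)."""

PCAP_RECORD_HEADER = 16      # bytes the classic pcap file format adds per packet
SECONDS_PER_DAY = 86_400
TB = 1e12                    # decimal terabyte (assumption: vendor-style units)


def capture_bytes_per_day(links_bps, avg_packet_bytes=None):
    """Bytes written per day when capturing 100 percent of the given links.

    links_bps: average rate of each monitored link in bits per second.
    avg_packet_bytes: assumed mean packet size; when given, the pcap
        per-packet record header is added on top of the wire bytes.
    """
    wire_bytes = sum(links_bps) / 8 * SECONDS_PER_DAY
    if avg_packet_bytes is None:
        return wire_bytes
    packets = wire_bytes / avg_packet_bytes
    return wire_bytes + packets * PCAP_RECORD_HEADER


def retention_storage_tb(links_bps, days, avg_packet_bytes=None):
    """Storage in TB needed to keep `days` of capture online."""
    return capture_bytes_per_day(links_bps, avg_packet_bytes) * days / TB


def retention_days(capacity_tb, links_bps, avg_packet_bytes=None):
    """Look-back window in days that a fixed amount of storage provides."""
    return capacity_tb * TB / capture_bytes_per_day(links_bps, avg_packet_bytes)


if __name__ == "__main__":
    one_gbps = [1e9]  # Scenario One: one network averaging 1 Gbps
    print(f"per day:          {retention_storage_tb(one_gbps, 1):.1f} TB")
    print(f"30 days, raw:     {retention_storage_tb(one_gbps, 30):.1f} TB")
    # 800-byte mean packet size is an illustrative assumption
    print(f"30 days, as pcap: {retention_storage_tb(one_gbps, 30, 800):.1f} TB")
    print(f"100 TB lasts:     {retention_days(100, one_gbps):.1f} days")
```

Smaller mean packet sizes raise the file-format overhead, so a link dominated by small packets needs more disk than the raw bit rate suggests.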

In nearly every case, the data required to answer these questions has already traversed our networks. But what happens once a potential incident has been identified? How do we truly know what happened, what assets or data have been compromised, and what remediation is required to address the immediate threat and defend against repeat attacks?

Organizations are wisely investing in security intelligence to detect and respond to threats. Let’s face it: Cybersecurity isn’t getting any easier as attacks become stealthier, more complex and harder to assess.
