Quantum Corp. has announced the integration of the FireEye Network Forensics Platform (PX) with Quantum’s StorNext® scale-out storage. Combining high-speed packet indexing and search from FireEye (NASDAQ: FEYE) with scale-out storage from Quantum, the joint solution provides organisations with access to months of network traffic data to quickly conduct incident response in the event of a breach.
Threat groups are active in an organisation’s network for a median of 229 days, and conducting incident response can involve costly forensic analysis of disparate log files and network data to determine the extent of the breach. In certain instances, organisations without robust network forensics may never fully know what data left the network, how they were compromised, or whether they have fully removed the threat actor.
The joint FireEye-Quantum solution utilises the FireEye Network Forensics Platform to capture, index and store connection and packet information at up to 30 million packets per second. Quantum’s StorNext 5, the industry’s fastest streaming file system, provides the high-performance, scale-out storage repository for forensic data generated by the FireEye platform along with policy-based tiering that enables organisations to match the cost of storage to their need for data access during forensic analysis.
This ability to capture network traffic data in real-time and preserve it for network forensics is critical to resolving a cyber attack. Examining full packet data allows investigators to understand attackers’ tools, techniques and procedures, enabling them to improve their network defenses and assist others via threat intelligence sharing. According to the Ponemon Institute, incident response takes approximately four months, on average, to resolve an attack. In contrast, by allowing organisations to keep forensic data longer and examine it faster, the joint FireEye-Quantum solution is designed to give incident response teams the ability to resolve attacks in much less time – as little as days or hours.