SentryWire Packet Capture
Gain Full Visibility into your Network Traffic,
Past & Present
SentryWire is a Full Packet Capture Appliance & Network Security Monitoring Platform with line rate capture and fast retrieval storage architecture which breaks through the performance, scalability and cost barriers of existing frameworks. SentryWire supports capture rates from 1Mbps to +1Tbps, while providing real-time logging, filtering and compression, allowing retention of network traffic for weeks, months and even years at price points that can be less than 50% the cost of other systems.
SentryWire Solutions
Threat
Hunting
Incident
Response
Network Troubleshooting
Carrier Grade Solutions
Featured Capabilities
Full Packet Capture
Full packet capture is the only way to fully recreate user activity.
Powerful & Fast Search
Search Petabytes of Network Traffic
in Minutes.
Extended Timeline
Network Traffic Stored for Weeks,
Months or Years.
Fast Capture Speeds
Capture speeds from 1Mbps to +1Tbps at line rate.
Intrusion Detection
Present Day intrusion detection limits breaches.
Security Analytics & Visualizations
Attacks are common, threats are rare; high quality network event logs & cleanly presenting the data is integral to fast identification of past, present and potential future threat impacts.
IDS Search Back
Use IDS signatures to search back across previously recorded packets to forensically detect & identify events using attributes & indicators relevant to today.
Network Operations
Collect packets and produce a variety of logs to track network performance metrics.
Artifact Extraction
SentryWire does not truncate or slice any packets it captures, this allows for the return of fully sessionized PCAPs and provides the ability to extract file artifacts with ease via the UI or from the PCAP itself in Wireshark.
SentryWire can help with
the Maturity Model for Event Log Management (M-21-31)
SentryWire is a comprehensive and flexible solution that can help organizations meet the requirements of the Federal Government’s Maturity Model for Event Log Management. With its powerful logging and analytic capabilities, SentryWire provides organizations with the tools they need to ensure the security and reliability of their IT systems and data.
How SentryWire helps Secure
ICS/OT Networks
SentryWire has been designed as a cost-effective long term packet store with full Network Security Monitoring (NSM) for on-demand or live examination of network activity with an on system Intrusion Detection System (IDS), file carving engine and advance network analysis by generating and reviewing logged events of interest.
Bolster Your Defenses & Hunt Down APTs
How SentryWire Can Help
The threat landscape is ever-changing and organizations need to be prepared to react to breaches. Organizations need to be prepared to identify attack tactics, techniques, and Indicators of Compromise (IOCs) relating to Advanced Persistent Threats (APTs) activities.
SentryWire leverages a combination of network detection mechanisms to provide flexible, lightweight, and adaptable Network Security Monitoring capabilities for analysts tasked with hunting for intrusions and monitoring their networks for anomalies. These types of intrusions are often hard to detect with signatures and rules alone.
In-line File Carving (Two Methods)
SentryWire gives you the ability to do live file carving that allows analysts to set specific file types to carve automatically. Search based/On-demand file carving where any files returned as part of a search are identified, viewable and exportable as fully reconstructed files. In addition to the carved files SentryWire logs every file that is captured, the file logs included MIME type, hash and rich contextual metadata.
Single Management Pane
SentryWire collects and analyzes massive amounts of data generated by your network infrastructure. Easily see everything you need from a single management pane.
Partners with industry leaders
SentryWire partners with the leading security solution providers to extend the power of our Packet Capture Platform. This ecosystem of partner technologies includes governance, risk compliance management platforms, intrusion detection systems, behavior-based solutions, hardware and OS providers, other security and industry solutions.
Why Is Packet Capture Important?
Why is it important to have an extended timeline of packet traffic stored? Because we know on average it takes 146 days to detect certain state sponsored intruders in a network and without a high fidelity recording of the network traffic enterprises cannot make a definitive determination of when intruders got in, how they got in or exactly what data was ex-filtrated.
Gain Full Visibility into your Network History
On average it takes 146 days to detect a breach in your network. Most companies only store 4 days of packets so this leaves 142 days with no visibility into what was happening on your network during the breach. The SentryWire Packet Capture Tool and Network Security Platform will provide you with visibility into your network and not leave you in the dark as to when a breach has occurred.
Adding SentryWire to Your Defense & Depth Strategy
Victor Hazlewood, Chief Operating Officer at UT/JICS, Oak Ridge National Laboratory, talks about how adding SentryWire to their Defense & Depth Strategy has helped them better protect their network and organization.