In the landscape of cybersecurity and network management, having full visibility into network traffic is crucial for detecting and responding to security threats and network issues promptly. Exium's Secure Access Service Edge (SASE) platform, combined with Autonomous Extended Detection and Response (XDR), already provides robust security capabilities. By augmenting Exium's platform to store and index network traffic in standard PCAP format, organizations can achieve unparalleled network visibility, facilitating the swift identification and resolution of security and network issues for Managed Service Providers (MSPs) and their clients.
ΒΆ Introduction to PCAP
PCAP (Packet Capture) is a standard data format used for capturing and storing network traffic. It allows for the recording of all network packets traversing a network interface, preserving the full contents of each packet along with relevant metadata. PCAP files can be analyzed using various network analysis tools, providing deep insights into network behavior and facilitating forensic investigations.
ΒΆ Augmenting Exium's Platform with PCAP Storage and Indexing
By integrating PCAP storage and indexing capabilities into Exium's SASE and XDR platform, MSPs and their clients gain several key benefits:
|
Item |
Key Benefits of Full Packet Capture and Analysis |
|---|---|
| 1 |
Comprehensive Network Visibility:
|
| 2 |
Rapid Issue Identification and Resolution:
|
| 3 |
Forensic Analysis and Investigation:
|
| 4 |
Regulatory Compliance and Audit Trail:
|
ΒΆ Key Benefits for MSPs and Clients
|
Item |
Key Benefits for MSPs and Clients |
|---|---|
| 1 |
Enhanced Security Posture:
|
| 2 |
Improved Incident Response:
|
| 3 |
Efficient Troubleshooting:
|
| 4 |
Comprehensive Forensic Analysis:
|
ΒΆ Configuring the Packet Capture
For Full Packet Capture, Indexing and Analysis, you will need to have a Multi-interface cyber gateway (with minimum specs of 4GB RAM/ 2 vCPUs/ 128 GB SSD) deployed at the location.
Packet Capture configuration supported in Modern workspace security for CyberGateway that provides additional features to protect and secure customer environment. Please refer to this link to enable Modern workspace settings for CyberGateways.
To configure Packet Capture, Indexing and Analysis, follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Gateways in the left menu bar β Select the Gateway for the location where you like to perform a Packet Capture
- Select Packet Capture as βyesβ
ΒΆ Initiate Packet Capture
To initiate Packet capture, Click on the βPacket Captureβ icon for the Gateway as shown in screenshot below
ΒΆ Viewing and Analyzing the Packet Capture
To access the Packet Capture UI, click on the βURLβ icon for the Gateway as shown in the screenshot below:
ΒΆ Conclusion
By augmenting Exium's SASE and XDR platform with PCAP storage and indexing capabilities, MSPs and their clients can achieve unparalleled network visibility and rapid issue resolution. The integration of PCAP enables organizations to capture, store, and analyze network traffic with precision, empowering them to detect and respond to security threats and network issues effectively. With Exium's enhanced platform, organizations can proactively protect their networks, mitigate risks, and ensure compliance with regulatory requirements.
To learn more about implementing SASE for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration. If you are ready to get started, check out our testing and onboarding process.