How important is packet capture for cyber defense?
Organizations using full packet capture are better prepared to battle cyber threats, according to an Enterprise Management Associates (EMA) report.
Visibility and accuracy of packet capture
The report highlights that the visibility and accuracy of packet capture data provide the best source of certainty for threat detection, and notes that adoption of full packet capture has accelerated over the past 12 months.
The report concludes that “…it is clear that those using packet capture as part of their normal toolset… were more confident in the telemetry they received about their environments.
“They had shorter breach detection and response time and they had more confidence in their workflows and processes,” and “…this creates a very strong story for the use of packet capture as one of the staples in the security program.”
Other key findings
- Respondents from enterprises using packet capture rated themselves “wholly comfortable with the current cybersecurity risk level” in their organization – nearly one-third more often than those using flows, and 14% more often than those using endpoint or network, app, and systems logs.
- Respondents using packet capture had the highest confidence that they were detecting viable threats at the reconnaissance stage when evaluating the ability to detect attacks against Lockheed Martin’s Kill Chain model. The report adds that “This is the first stage and least costly when the attack is stopped at that point.”
- Nearly two-thirds (60%) of respondents reported that network data is more valuable for early breach detection than endpoint data (40%).
- Respondents deploying packet capture rated themselves outstanding at preventing breaches and quantifying breach scope far more often than respondents relying on other telemetry sources.
“The research in EMA’s report confirms that organizations not only see the value of packet data as a definitive source of evidence but are more confident when using packet capture to detect, prevent, analyze, and respond to data breaches,” said Stuart Wilson, Endace CEO.
“These findings reflect what we see in the market. Enterprises are increasingly recognizing the vital importance of full packet capture in enabling them to correlate security telemetry, keep their networks secure and improve productivity. Packets provide certainty about what’s actually happening on the network, and that enables organizations to respond confidently to threats,” Wilson concluded.