Packets Matter is an op-ed series advocating the use of PCAP as the primary source of intelligence in enterprise network security.

Internet traffic will surpass a zettabyte in 2016. That’s around a trillion gigabytes – over 300 GB per capita of the three billion Internet users worldwide. The rate of growth is just astounding. Meanwhile, reports of massive data breaches are giving businesses greater and greater incentive to invest in network security analytics. But the sheer speed and volume of network traffic data make this a formidable undertaking.

So, many businesses resort to monitoring logs and alerts. Yet although logs are small and easy to navigate, they will fail to secure the enterprise against advanced persistent threats (APTs). What would be optimal is an application of packet capture (PCAP) that doesn’t buckle under stress.

PCAP runs into scalability challenges at three stages: capture, storage, and analysis. I’ll discuss some of the architectural design decisions that our engineers at Novetta have made in developing an enterprise PCAP solution that scales at each stage.