Trellix Network Forensics pairs the industry’s fastest lossless data capture and retrieval solution with centralized analysis and visualization. Determine the scope and impact of threats and resecure your network faster.
Centralize Visibility of Threat Data
View specific network metadata and activity with easy-to-create custom dashboards.
Faster Results
Search connections and packets quickly across all alerts, captured flow, and metadata.
Effective Threat Hunting
Hunt for anomalies and suspicious activities that may evade your existing tools.
IOC Aggregation Across Tools
Consolidate alerts from other Trellix and third-party products in a single workbench.
Trellix Network Forensics is a solution that captures and indexes full network packets at high speeds, allowing organizations to identify and resolve security incidents faster. It provides a centralized workbench with an easy-to-use analytical interface for reviewing network packets and sessions before, during, and after an attack. This enables security teams to detect a broad range of security incidents, improve response quality, and accurately quantify the impact of each incident.
Trellix Network Forensics offers high-performance packet capture with several key features: continuous lossless capture with time-stamping at speeds up to 20 Gbps, real-time indexing of all captured packets, ultrafast search and retrieval using patented indexing architecture, and intelligent capture with selective filtering. It also provides rich context through a web-based, drill-down GUI for inspecting packets, connections, and sessions.
Trellix Network Forensics is designed to integrate with other security tools. It consolidates alerts from Trellix Network Security, Email Security, and Endpoint Security products, as well as third-party tools and all network metadata, in a single workbench. This integration allows an immediate one-click pivot from an alert to the related session data. The solution also supports ingesting Trellix Threat Intelligence, STIX, and OpenIOC feeds for enhanced threat detection and analysis.
A combination of technologies, policies, and practices that protects the confidentiality, availability, and integrity of computer networks and data.
NDR goes beyond basic intrusion detection to continuously monitor your network traffic for suspicious activity.