Trellix Network Forensics

Minimize the impact of network attacks using high-performance packet capture and investigative analysis.

Resolve security incidents faster

Trellix Network Forensics pairs the industry’s fastest lossless data capture and retrieval solution with centralized analysis and visualization. Determine the scope and impact of threats and resecure your network faster.


Why Trellix Network Forensics?

Centralize Visibility of Threat Data

View specific network metadata and activity with easy-to-create custom dashboards.

Faster Results

Search connections and packets quickly across all alerts, captured flow, and metadata.

Effective Threat Hunting

Hunt for anomalies and suspicious activities that may evade your existing tools.

IOC Aggregation Across Tools

Consolidate alerts from other Trellix and third-party products in a single workbench.

Conduct Effective Threat Investigations

Detect a broad range of security incidents, improve your response quality, and accurately quantify the impact of each incident.

Reconstruct the Cyber Attack Kill Chain

Reveal hidden threats and accelerate incident response by reviewing specific network packets and sessions before, during, and after an attack.

Reduce the Mean Time to Detect and Respond

Accelerate the network forensics process with a single workbench that simplifies investigations and remediates attacks.

Frequently asked questions

Trellix Network Forensics is a solution that captures and indexes full network packets at high speeds, allowing organizations to identify and resolve security incidents faster. It provides a centralized workbench with an easy-to-use analytical interface for reviewing network packets and sessions before, during, and after an attack. This enables security teams to detect a broad range of security incidents, improve response quality, and accurately quantify the impact of each incident.

Trellix Network Forensics offers high-performance packet capture with several key features: continuous lossless capture with time-stamping at speeds up to 20 Gbps, real-time indexing of all captured packets, ultrafast search and retrieval using patented indexing architecture, and intelligent capture with selective filtering. It also provides rich context through a web-based, drill-down GUI for inspecting packets, connections, and sessions.

Yes, Trellix Network Forensics is designed to integrate with other security tools. It can consolidate alerts from Trellix Network Security, Email Security, and Endpoint Security products, as well as third-party tools and all network metadata in a single workbench. This integration allows for immediate one-click pivot to session data from alerts. The solution also supports the integration of Trellix Threat Intelligence, STIX, and OpenIOC feeds for enhanced threat detection and analysis.

Security awareness

What is Network Security

A combination of technologies, policies, and practices that protects the confidentiality, availability, and integrity of computer networks and the data they carry.


What is NDR?

NDR goes beyond essential intrusion detection to continuously monitor your network traffic for suspicious activity.

