Intrusion detection system alerts are only the beginning of the story.
CloudShark Threat Assessment quickly takes you from the network alert all the way down to the individual packets, so you can determine the root cause and protect your network.
Alerting and reporting are an integral part of your real-time intrusion detection tools. However, for post-mortem analysis, reporting, and auditing, nothing is better than having the actual packets at your fingertips.
Armed with the network capture of the event, use CloudShark to perform post-incident analysis on individual packets. Threat Vectors show you where, when, and how the attack unfolded.
Go from SIEM alert to root cause all in one web-based tool, then share your analysis quickly and easily across teams and departments. Use CloudShark Threat Assessment to test and improve incident response protocols for the next attack.
While many tools simply give a high-level overview of attacks and violations, there's much more to learn with a little direction.
CloudShark's ladder diagrams are applied to security alerts to give you threat vectors that let you see the structure and timeline of a compromise or attack. See when it happened, where it came from, who was the target, and how the attacker behaved.
The truth is in the packets. CloudShark makes it easy to drill down from a high-level alert all the way through the HTTP stream and even to the individual packet that triggered it.
CloudShark lets you easily collaborate with anyone to get to the bottom of an attack or anomaly. View a stream, filter out the offending packets, and share exactly what you’re looking at with colleagues and experts.
It even pulls reference links out of alerts for you to continue your malware research.
Threat Assessment is built right into CloudShark just like all of our other analysis tools. Once you upload a PCAP file, open it and choose Threat Assessment from the Analysis Tools menu. You'll get a high-level summary in seconds. And, because it's CloudShark, every view can be shared with your team simply by copying and pasting the URL. It's quick and secure.
CloudShark shows you the scope and severity of what is happening, and helps you drill down to exactly the hosts and packets that are involved in each alert.
Identify and document Indicators of Compromise from capture files while you are investigating an incident. Malware signatures, binaries, and other assets are all easily identified within CloudShark.
With CloudShark managing all your important capture files, you can quickly jump between events and dates to compare traces, making sure that malware or a virus has been cleaned up completely.
When there's something strange going on, it helps to see it right up front. See how much malicious activity there is in your capture, and how bad it is, at a glance.
CloudShark is entirely web-based and doesn't require any client-side software other than a web browser, so you can access your packet captures and perform threat analysis from anywhere, on any device.