Security Magazine
Packet capture and analysis: The force multiplier in the cybersecurity battle

By Jeremy Leasher
November 25, 2020

For organizations experiencing data breaches, the consequences are considerable, especially for security operations. IBM reports that more than 25,000 data records are stolen in the average data breach, costing the targeted company as much as $8.64M per breach in the United States. On average, a staggering 280 days pass between identifying and containing a data breach (known as the breach cycle).

As bad as this problem is today, the trajectory is even more dismal. FireEye, in its M-Trends 2020 report, indicated that of all the malware families it observed, 41 percent were previously unknown. This means that malware creators continually innovate beyond existing malware, making these threats even more difficult to detect.

The Digital War Challenges

So why is it so hard to fight this digital war, and why is the breach cycle so long?

The longest-lasting, most damaging, and hardest-to-detect threats are Advanced Persistent Threats (APTs). In the case of an APT, a threat actor gains unauthorized access to a network, often initially through a Business Email Compromise (BEC), the “trojan horse” that serves as the malware’s entry point. This access allows the threat actor to build a foothold on one or more machines and then remain undetected for an extended period of time, preparing for the malicious behavior. Using a combination of targeting methods, tools, and techniques, threat actors gain access to a network, often exploiting year-old security issues that have not been patched or have been ignored for too long. Staying hidden for extended periods, threat actors collect additional information, implant malware to detonate later, or steal intellectual property slowly, a few bytes at a time, exfiltrating it through less-monitored protocols such as DNS or outbound HTTP. Today's prevailing technology does not give security professionals the network visibility they need to detect these threats, identify the combatant, or even determine what was stolen.

This is similar to a physical break-in on your property. To determine who the intruder is, you need to know what happened before someone entered the premises, what they did while they were on your property, and how they exited. Home video surveillance systems document all of those activities and are available for review to identify the burglar. IT security teams have lacked this level of detail on organizational cyberattacks, leaving investigators ill-equipped to resolve threats.

Today’s Approach: Efficient but Ineffective

Over the last decade, IT operations have optimized the real-time analysis of network traffic and device information. To ensure security, service, and application delivery, they have predominantly relied on this real-time analysis as the most economical approach. Collecting statistical information such as NetFlow, events, or aggregated data allows for efficient storage and analysis for event detection, alarming, performance analysis, and planning.

However, this summarized data is often insufficient when it comes to detecting threats, leaving organizations vulnerable in the process.

Just a Snapshot Available

Unlike ordinary home video security systems, most organizations’ security systems only offer a snapshot of a network intrusion, with no context for the breach. The details needed to get to the root cause and mitigate the threat quickly are lacking. When security professionals are notified of a data breach, they cannot see what happened before, during, or after the intrusion. Without this insight, they cannot effectively analyze it. They are left to take a highly reactive security operations approach, reviewing the log files of every endpoint connected to their network; those logs may prove that an event happened or that an intrusion took place, but they are insufficient to determine what actually happened. Security teams operate in a constant firefighting mode and remain vulnerable to insider and persistent threats, to theft of Intellectual Property (IP), and even to ransomware attacks.

Packet Capture and Analysis Provides Full Network Visibility

Even though it is somewhat successful in detecting more general intrusions, log analysis and correlation across various sources is often futile in detecting APT activity. While APT activity is stealthy and hard to detect, the command-and-control network traffic associated with an APT can be detected at the network layer with packet capture methods.

PCAP, or packet capture, is an Application Programming Interface (API) that captures all live network traffic at the most basic level of detail. PCAP provides all packet information, from the Ethernet header all the way to the application payload, giving full visibility of application and network interactions, pre- and post-event, and enabling back-in-time analysis.
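To make the "Ethernet header all the way to the application payload" visibility concrete, and to tie it to the slow DNS exfiltration mentioned earlier, here is an added example (not code from the article or from Axellio) that parses a classic libpcap byte stream layer by layer and flags DNS query names with an unusually long label, one common tell of DNS tunnelling. The sample frames, the 30-character label threshold, and the addresses are all constructed assumptions.

```python
import struct
# Added example: constructed frames are built in memory so this runs offline;
# the max_label threshold below is an assumption, not a published rule.

def dns_query(qname: str) -> bytes:
    """DNS header (id, flags=standard query, 1 question) + question section."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", 1, 1))  # QTYPE A, QCLASS IN

def udp_frame(payload: bytes) -> bytes:
    """Wrap payload in UDP/IPv4/Ethernet headers (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 53])) + udp
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip  # dst MAC, src MAC, IPv4

def build_pcap(frames) -> bytes:
    """Serialize frames in classic libpcap format (magic A1B2C3D4, LINKTYPE_ETHERNET)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1600000000 + i, 0, len(frame), len(frame)) + frame
    return out

def dns_qnames(pcap: bytes) -> list:
    """Return the question name of every UDP/53 packet, parsed from the raw bytes."""
    pos, names = 24, []                      # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        caplen = struct.unpack_from("<IIII", pcap, pos)[2]
        frame = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                         # not IPv4, or IP protocol is not UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]  # honour the IHL field
        if 53 not in struct.unpack_from("!HH", udp):
            continue                         # neither port is DNS
        dns, i, labels = udp[8:], 12, []     # question starts after 12-byte DNS header
        while dns[i]:
            labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
            i += 1 + dns[i]
        names.append(".".join(labels))
    return names

def suspicious_qnames(pcap: bytes, max_label: int = 30) -> list:
    """Flag names with any label longer than max_label (threshold is an assumption)."""
    return [n for n in dns_qnames(pcap) if max(len(l) for l in n.split(".")) > max_label]

SAMPLE_PCAP = build_pcap([udp_frame(dns_query("www.example.com")),
                          udp_frame(dns_query("0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d.tunnel.example"))])
```

The same parser works on a real capture file read with `open(path, "rb").read()`, provided it uses the classic libpcap format and Ethernet link type assumed here.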

Packet capture and analysis tools have not previously been widely implemented, primarily because of high storage costs and the inability to analyze large amounts of data in real time. But now, with solid-state storage costs drastically reduced, NVMe-based storage able to keep up with high-speed network traffic, and advances in capture and analytics capabilities, the footprint and economics of packet capture solutions have significantly improved, rendering them market-ready.

Let’s go back to the home video security analogy. Five years ago, when people wanted a full home security system, it was too expensive, cumbersome, and hard to install, and it required wires, so people went without. Now you can go online, purchase an inexpensive wireless home security system with numerous cameras and door lock notifications, and set it up in fifteen minutes. We are now at that point with PCAP and analysis tools. They have the unique ability to provide packet-level insight, which in turn reduces the time to identify root cause, the cost of downtime, and the overall impact of a data breach.

The most advanced packet capture systems also buffer the security monitoring infrastructure from traffic spikes and traffic growth to ensure reliable results, avoiding overload situations that lead to data loss and unnoticed intrusions.

Cyberattacks Getting More Sophisticated, Tools Need to Keep Up

APTs and BECs are getting more sophisticated every day, and it is difficult for intrusion detection systems to keep up with cybercriminals’ evolving techniques. It is not enough for security teams to focus on just preventing the intrusion. It is critical for them to quickly detect an intrusion, mitigate the situation, and prevent similar attacks from recurring.

Furthermore, with a BEC, the initial email is just one component of the threat. The hacker can then use the target's email account and name to send spear-phishing attacks, so the number of people affected can grow exponentially. Often threats are not overt but subtle and camouflaged, and these threats can be just as perilous. Packet capture solutions can tell the entire story of the attack: how and when the hacker entered the system, what was stolen, and who else was targeted. You then have the digital fingerprints and footprints of the interactions to pass on to the authorities for investigation.

With a growing number of devices on the network, more business conducted online, and the escalation of remote work and learning, traffic is skyrocketing. Remote work specifically exposes endpoints to infrastructure outside the IT security perimeter, increasing the opportunities for threat actors to gain access to the enterprise environment undetected. Packet capture and analysis systems allow an organization to take its existing security ecosystem to the next level. They can be an organization’s force multiplier, in both technology and staff, in the digital war.

Keywords: cyber security, data breach, risk management

Jeremy Leasher, Security Solutions Architect, Axellio, is a security professional with wide-ranging experience within the DoD and Commercial sectors. He is currently a CW3 in the National Guard and highly seasoned in areas of threat hunting, digital forensics and incident response.
