The need for IT professionals to conduct their own forensic investigations is on the rise following increasingly 'stealthy' attacks on network systems.
Security solutions provider Top Layer Networks believes do-it-yourself forensics is on the rise as a result, and has announced a solution that will harvest and record the play-by-play details associated with network attacks.
SecureWatch, which runs on a server closely integrated with the company's AppSwitch 3500 series products, allows companies to reconstruct any activity that has transpired, down to the second, and generate reports that provide hard evidence of criminal activity.
Alex Turkington, vice president Asia-Pacific for Top Layer, said: "Corporate IT staffers tasked with security issues are buried in disjointed network data that is hard to decipher, especially in the often chaotic environment that precedes an intrusion.
"SecureWatch extracts the data they need from the network and puts it into relational databases that can be easily analysed to make determinations about an attack that simply would not have been possible before."
The company said that since the ASIC-based AppSwitch functions at the application layer of the OSI stack, the information it generates for the solution is rich in detail.
Most firewalls and intrusion detection systems have 'logs' that store rudimentary information about event activity. Advanced hackers, however, can cover their tracks by manipulating these logs, or disabling them through denial-of-service floods.
Functionally, SecureWatch works independently of these logs, creating a record-keeping redundancy. However, it also works with some firewall agents such as Check Point Software Technologies' VPN-1/Firewall-1 solutions.
The solution is currently available in Australia.