Deep Packet Forensics
Corvil brings the benefits of full packet network traffic analysis (metadata, file artifacts, PCAPs, flow connectivity maps) to the fingertips of Security Analysts for breach investigations, threat hunting and retrospective analysis.
When a live threat or breach is detected, forensic investigators often struggle to locate the source of the threat or to identify the full impact of the breach.
Their investigations are inconclusive or hit dead ends with the insights provided by flow data alone. By then, it is too late to deploy packet analysis to collect the needed details and context.
Corvil solves these problems with deep packet forensics and automated contextual analysis that delivers the right details within the context of the investigation.
Corvil’s deep packet analysis provides the most detail on what exactly is happening on the network. Activities observed from uninstrumented, IoT and rogue devices close blind spots. Packet analysis details are immediately actionable because our automated context enrichment links users and systems to observed activities and entities such as domain names, file hashes, and TLS certificates.
The data is normalized and indexed for fast and easy searches, automated scripts and machine learning analysis. Analysts, therefore, can nimbly reconstruct breach events and pivot to follow wherever their investigations take them. The result: faster and more effective response before even more damage is done.
Corvil accelerates investigation of attack artifacts, tools and techniques with true type file identification, single-click file extraction and integration with malware analysis tools. Analysts also uncover a more complete picture of an attack, including the relationships between users, hosts, files, flows and activities, with Corvil’s rapid, indexed search, embedded user and host context, and connectivity maps.
Corvil’s high-performance architecture enables real-time threat detection, behavioral analysis, simultaneous packet capture and artifact extraction without compromise. Extract forensic evidence more effectively with our options for continuous capture or automated capture triggers for the riskiest hosts or users.