Trellix Network Forensics (PX)
Even when attackers erase their tracks, Trellix Network Forensics has already captured them. With lossless (lossless) packet capture speeds of up to 20 Gbps, maintain a timestamped record of every single bit on your network. Reconstruct the attack chain (Kill Chain) across the pre-attack, mid-attack
Trellix Network Forensics (PX)
Access “Black Box” Data During the Attack, Not After: Trellix Network Forensics
Even when attackers erase their tracks, Trellix Network Forensics has already captured them. With lossless (lossless) packet capture speeds of up to 20 Gbps, maintain a timestamped record of every single bit on your network. Reconstruct the attack chain (Kill Chain) across the pre-attack, mid-attack, and post-attack phases.
Threat hunting is not guesswork; it is proving the data.
Are there anomalies slipping past your security tools? To understand the true intent behind suspicious activity, you need a packet-level “time machine.” Trellix Network Forensics freezes all network traffic with high-performance indexes, so you can examine every session, every file transfer, and every DNS query with the clarity of the moment the event occurred.
- Reduce MTTD and MTTR to Seconds: With a single (Workbench) that streamlines investigations, move the complex network forensics process from manual analysis to automated speeds.
- Make Hidden Threats Visible: Track every step an attacker takes on your network second by second using real packet data, leaving no room for any “ghost” threat.
- Eliminate Alert Noise: With IoC (Indicators of Compromise) aggregation, consolidate alerts from different security tools into a single interface and put an end to “alert fatigue.”
Uninterrupted “Forensics” Architecture at 20 Gbps
- Zero-Loss (Lossless) Recording: At speeds of up to 20 Gbps, capture every single packet without missing one — timestamped and complete.
- Patented Indexing: Instead of searching for a needle in massive databases, our patented indexing architecture lets you recall targeted connections at ultra-fast speeds.
- Smart Filtering: Don’t fill your storage with unnecessary content. Automatically filter out video streams or irrelevant large file transfers; “intelligently” retain only traffic with attack potential.
- Deep (Decoder) Support: Make web, email, FTP, DNS, and SSL connection details visible through session-based analysis, even beneath complex encryption layers.
A “One-Stop” Point for Incident Response
Trellix Network Forensics is not a simple recording device; it is an Incident Response Station. 1. Visualization: View specific network (Metadata) at a glance with customized dashboards. 2. Correlation: Consolidate alerts from other Trellix and third-party security products into a single workbench. 3. Analysis: Drill down to the packet level through a graphical (GUI) interface and reconstruct the attack chain (Kill Chain).
Data Export Flexibility:
Your analyses are not locked into our interface alone. You can export the connection metadata of captured packets in JSON format; convert flow indexes into universal data formats such as NetFlow v9, IPFIX, and SiLK to work seamlessly with your other SIEM or data analytics platforms.
If an attack had occurred on your network, could you prove what happened at the packet level?
Schedule an appointment to see our forensics performance in a live lab environment and test the operational speed that 20 Gbps capture will bring to your SOC team.
Related Solutions
Talk to us about this solution
Reach out for licensing, architecture and technical requirements.