Data is collected by intelligent agents, which run in agent containers placed at strategic points in the network and are connected to TAP/mirror ports on switches and/or to dedicated network taps.
The SecconBox is our hardware appliance; it contains one or more agent containers and provides a security dashboard. A SecconBox deployment can easily be expanded with extra boxes or with extra intelligent agents on existing hosts in your network.
At the tap/measurement points full packet data is captured. Full packet capture produces a very large volume of data, so to keep it workable the principle of quick elimination is applied.
Based on a combination of allow lists and deny lists ('white and black lists'), an early decision is made whether or not to retain the data. The result is that captured full packet data is available for a limited time window, ideally long enough to analyse it.
In addition, session data is extracted from all captured data for long-term storage. It places far less strain on the system as a whole and can still be used for forensics, albeit with less detail.
Another approach to long-term retention, which is also available, is to extract packet string data. This can also be stored for a longer term and provides more information for forensics than session data alone.
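The following is an added example, not SecconBox code, showing the three retention tiers described above on a small constructed packet set: an early allow/deny list decision on whether full packet data is kept, session (flow) records extracted from every packet regardless of that decision, and packet string data (printable runs of the payload) as the middle tier. The policy shape is an assumption: allow list entries mark known-good, noisy traffic whose full packets are discarded early, deny list entries mark traffic that is pinned at full fidelity, and everything else is kept for a short window (72 hours here, also an assumed value). Function and field names are hypothetical.

```python
import re
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float      # capture time, seconds
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes = b""


# Assumed policy (hypothetical; a real deployment feeds these from its own lists).
ALLOWLIST = {("10.0.0.9", 873)}      # (server, port): known rsync backup job, noisy and benign
DENY_HOSTS = {"198.51.100.23"}       # known-bad peers: always keep at full fidelity
DENY_PORTS = {4444}
FULL_RETENTION_SECONDS = 72 * 3600   # assumed short window for full packet data

# Constructed sample traffic, not a real capture.
SAMPLE = [
    Packet(1.0, "10.0.0.5", "10.0.0.9", 51000, 873, "tcp", b"@RSYNCD: 31.0\n"),
    Packet(1.2, "10.0.0.9", "10.0.0.5", 873, 51000, "tcp", b"@RSYNCD: 31.0\n"),
    Packet(2.0, "10.0.0.7", "203.0.113.8", 44321, 80, "tcp",
           b"GET /update.php?id=1 HTTP/1.1\r\nHost: 203.0.113.8\r\n\r\n"),
    Packet(2.3, "203.0.113.8", "10.0.0.7", 80, 44321, "tcp",
           b"HTTP/1.1 200 OK\r\n\r\n<html>\x00\x01\x02ok</html>"),
    Packet(3.0, "10.0.0.7", "198.51.100.23", 44322, 4444, "tcp", b"\x90\x90\x90\xcc"),
    Packet(3.5, "10.0.0.11", "10.0.0.1", 40000, 53, "udp", b"\x12\x34\x01\x00"),
]


def quick_eliminate(p):
    """Early per-packet decision: 'drop' full data, 'keep' it for the short
    window, or 'pin' it (deny-listed: keep until an analyst releases it)."""
    if p.src in DENY_HOSTS or p.dst in DENY_HOSTS or p.sport in DENY_PORTS or p.dport in DENY_PORTS:
        return "pin"
    if (p.dst, p.dport) in ALLOWLIST or (p.src, p.sport) in ALLOWLIST:
        return "drop"
    return "keep"


def session_key(p):
    """Direction-independent 5-tuple so both halves of a conversation share one record."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


def extract_sessions(packets):
    """Session (flow) records: who talked to whom, when, and how much.
    Produced from every packet, including those whose full data is dropped."""
    sessions = {}
    for p in packets:
        k = session_key(p)
        s = sessions.setdefault(k, {"proto": k[0], "a": k[1:3], "b": k[3:5],
                                    "first": p.ts, "last": p.ts,
                                    "pkts_ab": 0, "pkts_ba": 0, "bytes_ab": 0, "bytes_ba": 0})
        s["first"] = min(s["first"], p.ts)
        s["last"] = max(s["last"], p.ts)
        direction = "ab" if (p.src, p.sport) == s["a"] else "ba"
        s["pkts_" + direction] += 1
        s["bytes_" + direction] += len(p.payload)
    return sessions


def extract_packet_strings(p, min_len=4):
    """Packet string data: printable ASCII runs of the payload, like `strings`.
    Keeps URLs, hostnames and protocol banners without keeping the whole packet."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, p.payload)]


def process(packets):
    """Run all three tiers over a packet list and return what each tier retains."""
    full, pinned, strings = [], [], []
    for p in packets:
        verdict = quick_eliminate(p)
        if verdict == "drop":
            continue  # no full packet, no strings; the session record below still exists
        (pinned if verdict == "pin" else full).append(p)
        strings.append({"ts": p.ts, "src": p.src, "dst": p.dst, "strings": extract_packet_strings(p)})
    return {"full": full, "pinned": pinned, "sessions": extract_sessions(packets), "strings": strings}


def expire_full_packets(full, now):
    """Short-window tier: full packets older than the window are gone."""
    return [p for p in full if now - p.ts < FULL_RETENTION_SECONDS]


if __name__ == "__main__":
    result = process(SAMPLE)
    print("full:", len(result["full"]), "pinned:", len(result["pinned"]),
          "sessions:", len(result["sessions"]), "string records:", len(result["strings"]))
```

The design point worth noticing is that the session record is built from every packet before the elimination decision is applied, so even for allow-listed traffic the fact that a conversation took place, between which endpoints and with what volume, survives the window; only the content is gone. The packet string tier sits between the two: an analyst can still see the requested URL or the protocol banner long after the raw packets were expired.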