
FireEye and Quantum Team

For adoption of cybersecurity forensics solutions

Quantum Corp. announced the integration of the FireEye Network Forensics Platform (PX) with its StorNext scale-out storage.

Combining high-speed packet indexing and search from FireEye with scale-out storage from Quantum, the joint solution provides organizations with access to months of network traffic data to conduct incident response in the event of a breach.

Threat groups are active in an organization’s network for a median of 229 days, and conducting incident response can involve costly forensic analysis of disparate log files and network data to determine the extent of the breach. In certain instances, organizations without robust network forensics may never know what data left the network, how they were compromised, or whether they have removed the threat actor.

The joint FireEye-Quantum solution utilizes the FireEye Network Forensics Platform to capture, index and store connection and packet information at up to 30 million packets per second. StorNext 5, the streaming file system, provides the performance, scale-out storage repository for forensic data generated by the FireEye platform along with policy-based tiering that enables organizations to match the cost of storage to their need for data access during forensic analysis.

This ability to capture network traffic data in real time and preserve it for network forensics is critical to resolving a cyber-attack. Examining packet data allows investigators to understand attackers’ tools, techniques and procedures, enabling them to improve their network defenses and assist others via threat intelligence sharing. According to the Ponemon Institute, LLC, incident response takes approximately four months, on average, to resolve an attack. In contrast, by allowing organizations to keep forensic data longer and examine it faster, the joint FireEye-Quantum solution is designed to give incident response teams the ability to resolve attacks in much less time, in as little as days or hours.

Jon Oltsik, senior principal analyst, Enterprise Strategy Group, said: “As the sophistication of cyber-attacks increases, the ability to analyze the intrusion, contain it, and quickly recover is more critical than ever. By combining their respective expertise with FireEye network forensics and StorNext storage workflows, FireEye and Quantum are offering customers an integrated cybersecurity solution for incident investigation, which can also reduce mean time to resolution and prevent future incidents.”

Tim Sullivan, VP, enterprise forensics, FireEye, said: “We know today the overwhelming majority of organizations have some malicious code in their networks. Given this, what’s most important is the ability to understand how that malicious code behaved and if threat actors were able to remove any valuable information from a network. The joint solution from FireEye and Quantum provides customers with the storage, indexing and search capabilities to create a detailed forensics report so an incident response team can quickly determine the extent of a data breach to remediate and provide a detailed report to protect against future attacks. It also provides the reassurance that company boards are looking for and should be a core part of the modern security infrastructure.”

Geoff Stedman, SVP, StorNext Solutions, Quantum, said: “Network forensics is becoming an increasingly important tool for cyber incident response, and effective network forensics workflows have two essential ingredients: high-speed packet indexing and highly scalable storage for preserving the network traffic data. Through our partnership with FireEye, a broader range of customers can now benefit from Quantum’s expertise in information workflows and StorNext’s unique combination of industry-leading performance and scale-out tiered storage.”

The combined FireEye-Quantum solution is available.
