A Different Perspective on Cybersecurity

A Digital Overwatch

We approach cybersecurity from a different perspective—our unique vantage point on your network allows us to find security risks that others may miss. We are not looking to replace the technologies that you have implemented to protect, detect and respond to internal and external threats. We constantly monitor your network at the packet level to find the threats that exist on your network. PacketWatch is an “overwatch” technology that makes sure your existing security tools are working effectively—and when they are not—we’ll find what got through.

Expert Network Monitoring, Analysis and Investigation

We are threat hunters, investigators, and cybersecurity experts with experience in federal law enforcement, national security and enterprise data centers. PacketWatch™ is our full-packet-capture network monitoring, analysis and investigation platform built on an open-source big data stack; it incorporates public, private and government threat intelligence feeds, a proprietary analytics engine, and a purpose-built, robust multi-page dashboard. We deliver PacketWatch as a service in comprehensive packages for medium-sized and enterprise organizations.

Which PacketWatch service is right for me?

PacketWatch BEC

Recovering from a Business Email Compromise (BEC) or Internet fraud loss requires a swift, thorough, and proven investigative process led by experienced people. Our investigations team is comprised of experts in cybersecurity, enterprise IT, national security, physical & digital forensics, law, and insurance. PacketWatch will rapidly triage your incident, eliminate attacker persistence, and advise your key stakeholders on technical and business decisions. We will thoroughly document the findings and offer holistic recommendations for lasting cyber wellness.

  • Domestic and International Investigations
  • Evidence Preservation for Legal Proceedings
  • Incident Documentation and Reporting
  • Concierge-level Support and Coaching

PacketWatch IR

Responding to a security incident requires specific tools, procedures, and expertise. The process often involves event triage, data collection, investigation, forensic analysis, and communication with the people involved. PacketWatch Incident Response experts will quickly contain the threat and begin to identify attack vectors, malicious activities, affected accounts, and compromised systems. Our team will collect and preserve evidence, help remediate the incident, produce technical and executive reports, and provide recommendations to enhance your overall security posture going forward.

  • Packet-level Network and Host-based Tools
  • Threat Containment
  • Digital Forensics and Investigation
  • Threat Remediation
  • Reporting and Recommendations

PacketWatch Advisory Services

PacketWatch Advisory Services allow organizations with limited internal resources to strengthen their information security posture and reduce risk. As a boutique cybersecurity consulting firm, our leadership team and consultants will work directly with you to build a security program customized to your company, industry, compliance, and budgetary requirements. Our experts will develop strategies, plans, and policies leveraging decades of practical experience, proven best practices, and an enterprise methodology. An initial assessment will determine which Advisory Services will be most beneficial to your business operations.

  • Assessments
  • Strategic Plans
  • Governance and Policy
  • Risk Management

PacketWatch NSA

A Network Security Assessment (NSA) is a great way to experience the value and depth of the on-premises PacketWatch platform, threat hunting services, and cybersecurity advice. Our 30-day analysis of your network using full packet capture and robust analysis tools will find persistent threats that are difficult to catch with a point-in-time vulnerability assessment or penetration test.

  • 30-day Continuous Analysis
  • Written Report and Recommendations
  • Uncover Malicious Activities
  • Expose Misconfigured Devices
  • Identify Vulnerable Assets
  • Reveal Policy Violations
  • Verify Security Controls
  • Better Understand Your Network

PacketWatch MDR

Our Managed Detection and Response (MDR) service is perfect for medium-sized organizations that lack the internal resources to proactively and consistently hunt for threats. This 12-month subscription service reduces your cybersecurity risk by delivering the same initial value as PacketWatch NSA, plus the following additional services and access to our experts:

  • Daily Alert Triage
  • Daily Threat Hunting
  • Proactive Incident Remediation
  • 24×7 Concierge Support
  • Monthly Reporting and Billing
  • Optional Advisory Services
  • 30-Day Cancellation Policy

PacketWatch Enterprise

Enterprise organizations typically have more internal cybersecurity resources, established processes, and a more complex, multi-location network infrastructure. PacketWatch Enterprise takes all of this into account. The result is a fully-customized implementation of our on-premises PacketWatch appliance infrastructure and associated services. Even if you choose to handle the Tier-1 and Tier-2 monitoring, triage and hunting tasks yourself, you can still receive Tier-3 threat hunting, investigation and advisory services from our experts. 

  • Multi-node Platform Infrastructure
  • Customized Service Packages
  • Streamlined Tier-3 Incident Escalation
  • 24×7 Concierge Support
  • Optional Advisory Services

What do I get with PacketWatch?

Total Network Visibility

See everything on your network in a way that you never have before. It’s all there. Improve your situational awareness by diving into the data and dashboard modules.

Extensive Network Intelligence

With visibility comes knowledge. Learn about your traffic statistics, protocol breakdowns, top talkers, top sources, top destinations and websites visited by users.

Expert Threat Hunting and Investigation

We’ll help you find the persistent threats lurking in your network. Every PacketWatch service includes Expert Threat Hunting and Investigation Services.

Network Traffic Replay

It’s like a DVR for your network traffic. Have you ever wished you could go back and see the conversations between two IP addresses on your network? Now you can. It’s pretty amazing.

Full Packet Capture

Full Packet Capture is what makes it all work. We capture everything that is happening on your network. Then we add metadata and index it to make it faster, more efficient and easier to find.

High-speed Search

No one has time to look through days of non-indexed recordings for a specific network activity. But now with our optimized database, metadata and powerful search, it takes seconds.

Big Data Analytics

Capturing all of the traffic traveling on your network is a lot of data. Managing, querying, analyzing, and reporting on this data requires specific Big Data tools and capabilities.

Machine Learning

Using algorithms to look for patterns and trends in your network data and then alerting an analyst to take action helps to improve efficiency and reduce operating costs.

Multiple Detection Engines

One of the ways we change our “perspective” when looking for malicious activities on your network is by using different detection engines. It’s like a doctor using an X-Ray, CT Scan, and an MRI.

Encryption Fingerprinting

Encrypted packets can carry malware just like any other packet. With encryption session signatures, we can determine if the content is likely malicious without needing the decryption key.

Command and Control Server Detection

Determining if a beacon is talking with the outside world can be challenging for most security tools. Since we see every network IP conversation on your network it is much more obvious to us.

Global Threat Intelligence

Comparing the anomalous activity we see on your network with public, private and government Intelligence sources helps us to triage, correlate and investigate potential threats quickly.

Data Portability

Share detailed information with other cybersecurity applications. Export data to your SIEM or SOAR platform for case enrichment or send custom PCAPs for further analysis and archiving.

24×7 Support

As a boutique security consultancy, customer service is a top priority and real differentiator. If you have any concerns, you can reach an elite support engineer 24 hours a day, 7 days per week.

Dashboards and Reporting

Our clients see everything we are monitoring and tracking. The purpose-built security dashboard is how our threat hunters research, investigate and remediate your incidents.

Peace of Mind

Most security products try to stop the bad guys from getting in. But what if they’re already in? How would you know? Rest assured that we’re watching every packet for anomalous behavior.

Why should I choose PacketWatch?

FIND THINGS OTHER SECURITY TOOLS MISS

Uncover Malicious Activity

Expose Misconfigured Devices

Identify Vulnerable Assets

Reveal Policy Violations

Increase Network Visibility

ELEVATE YOUR SECURITY OPERATIONS

Improve Threat Hunting & Tools

Provide Cybersecurity Oversight

Verify Security Controls

Audit Security Processes and Investments

Add PacketWatch Experts to Your Team

PACKETWATCH IS EASY TO JUSTIFY

Quick Installation, No Agents to Deploy

Passive and Thorough Data Collection

Immediate Results and Obvious ROI

Affordable, Monthly Managed Service

Thirty (30) Day Cancellation Policy

What are PacketWatch clients saying?

“We engaged the PacketWatch team for a 30-Day Network Security Assessment. Almost immediately after deployment, they called to tell us they found several major network configuration errors that left our perimeter vulnerable to attack. The PacketWatch team immediately helped us make the necessary changes and tested the new configurations. What we accomplished in that first week justified the cost of the entire assessment for us!”

Chief Information Officer

Mid-sized Federal Contract Services Company

PacketWatch Full Packet Capture Network Appliance

What does PacketWatch help me monitor and investigate?

PacketWatch Dashboard

The PacketWatch Dashboard is designed to bring together select results and analytics to help you quickly identify known and unknown threats emerging in your network. At a glance, you can review geospatial, protocol, signature, command and control, DNS, inventory and reputational analysis in a single pane of glass. Colors and alerts visually direct your attention to significant events and detections requiring further evaluation. A threat hunter can quickly drill down to additional levels of detail for each dashboard module and alert. 

PacketWatch | Security Dashboard

Security

The Security page is a threat hunter’s starting point for gathering new and different leads to pursue. This page summarizes known threats observed in the network from a collection of over 83,000 public, private and government threat intelligence sources.

Network

The Network page summarizes packet-level and flow data collected from your network to provide additional insights into observations and anomalies from normalized behaviors.

PacketWatch | Detections Dashboard

Detections Overview

The first Detections page provides additional information on observed alerts—including packet-level details on observed threats and indicators of compromise (IOC).

Detections Detail

The second Detections page allows you to search, sort and categorize observed indicators of compromise (IOC) over time to facilitate prioritization and timely adjudication of alerts.

PacketWatch | Investigate Dashboard

Investigate Overview

The first Investigate page allows you to search, categorize and analyze packet-level metadata in seconds to validate indicators of compromise (IOC).

PacketWatch | Investigate Dashboard

Investigate Details

The second Investigate page lets you create custom PCAPs for archival purposes or further analysis in other network tools. Export collected data and analyses to your SIEM or other security tools for further correlation.

PacketWatch Advisory Services

PacketWatch Advisory Services are incremental to our standard product and service offerings. You can mix and match the services to build a custom program specific to your requirements. You do not have to be a PacketWatch client to take advantage of these services. Education programs are always customized to meet your specific end-user requirements. Contact us today to get started!

  • Digital Investigation and Forensics
  • Risk Assessment
  • Security Controls Assessment
  • Vulnerability Assessment
  • Incident Response Plan Development
  • BCDR Plan Development
  • Security Policy and Governance
  • Education Programs

Do you have any questions?

Visit Our Blog

Your Enemy Can Be Your Best Teacher

This quote attributed to the Dalai Lama inspired our analysts to take a thoughtful approach to monitoring our external nodes. We wanted to answer the question – what are the top 20 ports the top 3 cyber threat actor countries are hitting? Could the targeting from countries such as China, Russia, and Iran give us some insights into what they’re trying to exploit?

Living Off the Land (LOTL): A Case Study

During a recent incident involving LockBit ransomware, we discovered a persistent credential stealer that was hidden as a scheduled task/process. We did a significant amount of investigation before unraveling the clues of what was creating alerts and attempting to beacon-out to certain IP addresses in Latvia.

THIS MEMORIAL DAY WEEKEND: RANSOMWARE

Since May 4th, we have seen an eye-catching increase in cyber incidents, email compromise, and ransomware attacks.
As we approach the US Holiday, Memorial Day, we expect this increase to continue. To help improve your awareness, we offer the following trends and fairly consistent indicators pointing back to Eastern European and Russian criminal actors.