A Different Perspective on Cybersecurity
A Digital Overwatch
We approach cybersecurity from a different perspective—our unique vantage point on your network allows us to find security risks that others may miss. We are not looking to replace the technologies that you have implemented to protect, detect and respond to internal and external threats. We constantly monitor your network at the packet level to find the threats that exist on your network. PacketWatch is an “overwatch” technology that makes sure your existing security tools are working effectively—and when they are not—we’ll find what got through.
Expert Network Monitoring, Analysis and Investigation
We are threat hunters, investigators, and cybersecurity experts that have experience in federal law enforcement, national security and enterprise data centers. PacketWatch™ is our full-packet-capture network monitoring, analysis and investigation platform built on an open-source big data stack; incorporating public, private and government threat intelligence feeds; a proprietary analytics engine; and a purpose-built, robust multi-page dashboard. We deliver PacketWatch as a service in comprehensive packages for medium and enterprise organizations.
Which PacketWatch service is right for me?
PacketWatch BEC
Recovering from a Business Email Compromise (BEC) or Internet fraud loss requires a swift, thorough, and proven investigative process led by experienced people. Our investigations team is comprised of experts in cybersecurity, enterprise IT, national security, physical & digital forensics, law, and insurance. PacketWatch will rapidly triage your incident, eliminate attacker persistence, and advise your key stakeholders on technical and business decisions. We will thoroughly document the findings and offer holistic recommendations for lasting cyber wellness.
- Domestic and International Investigations
- Evidence Preservation for Legal Proceedings
- Incident Documentation and Reporting
- Concierge-level Support and Coaching
PacketWatch IR
Responding to a security incident requires specific tools, procedures, and expertise. The process often involves event triage, data collection, investigation, forensic analysis, and communication with the people involved. PacketWatch Incident Response experts will quickly contain the threat and begin to identify attack vectors, malicious activities, affected accounts, and compromised systems. Our team will collect and preserve evidence, help remediate the incident, produce technical and executive reports, and provide recommendations to enhance your overall security posture going forward.
- Packet-level Network and Host-based Tools
- Threat Containment
- Digital Forensics and Investigation
- Threat Remediation
- Reporting and Recommendations
PacketWatch Advisory Services
PacketWatch Advisory Services allow organizations with limited internal resources to strengthen their information security posture and reduce risk. As a boutique cybersecurity consulting firm, our leadership team and consultants will work directly with you to build a security program customized to your company, industry, compliance, and budgetary requirements. Our experts will develop strategies, plans, and policies leveraging decades of practical experience, proven best practices, and an enterprise methodology. An initial assessment will determine which Advisory Services will be most beneficial to your business operations.
- Assessments
- Strategic Plans
- Governance and Policy
- Risk Management
PacketWatch NSA
A Network Security Assessment (NSA) is a great way to experience the value and depth of the on-premises PacketWatch platform, threat hunting services, and cybersecurity advice. Our 30-day analysis of your network using full packet capture and robust analysis tools will find persistent threats that are difficult to catch with a point-in-time vulnerability assessment or penetration test.
- 30-day Continuous Analysis
- Written Report and Recommendations
- Uncover Malicious Activities
- Expose Misconfigured Devices
- Identify Vulnerable Assets
- Reveal Policy Violations
- Verify Security Controls
- Better Understand Your Network
PacketWatch MDR
Our Managed Detection and Response (MDR) service is perfect for medium-sized organizations that lack the internal resources to proactively and consistently hunt for threats. This 12-month subscription service reduces your cybersecurity risk by delivering the same initial value as PacketWatch NSA, plus the following additional services and access to our experts:
- Daily Alert Triage
- Daily Threat Hunting
- Proactive Incident Remediation
- 24×7 Concierge Support
- Monthly Reporting and Billing
- Optional Advisory Services
- 30-Day Cancellation Policy
PacketWatch Enterprise
Enterprise organizations typically have more internal cybersecurity resources, established processes, and a more complex, multi-location network infrastructure. PacketWatch Enterprise takes all of this into account. The result is a fully-customized implementation of our on-premises PacketWatch appliance infrastructure and associated services. Even if you choose to handle the Tier-1 and Tier-2 monitoring, triage and hunting tasks yourself, you can still receive Tier-3 threat hunting, investigation and advisory services from our experts.
- Multi-node Platform Infrastructure
- Customized Service Packages
- Streamlined Tier-3 Incident Escalation
- 24×7 Concierge Support
- Optional Advisory Services
What do I get with PacketWatch?
Total Network Visibility
See everything on your network in a way that you never have before. It’s all there. Improve your situational awareness by diving into the data and dashboard modules.
Extensive Network Intelligence
With visibility comes knowledge. Learn about your traffic statistics, protocol breakdowns, top talkers, top sources, top destinations and websites visited by users.
Expert Threat Hunting and Investigation
We’ll help you find the persistent threats lurking in your network. Every PacketWatch service includes Expert Threat Hunting and Investigation Services.
Network Traffic Replay
It’s like a DVR for your network traffic. Have you ever wished you could go back and see the conversations between two IP addresses on your network? Now you can. It’s pretty amazing.
Full Packet Capture
Full Packet Capture is what makes it all work. We capture everything that is happening on your network. Then we add metadata and index it to make it faster, more efficient and easier to find.
High-speed Search
No one has time to look through days of non-indexed recordings for a specific network activity. But now with our optimized database, metadata and powerful search, it takes seconds.
Big Data Analytics
Capturing all of the traffic traveling on your network is a lot of data. Managing, querying, analyzing, and reporting on this data requires specific Big Data tools and capabilities.
Machine Learning
Using algorithms to look for patterns and trends in your network data and then alerting an analyst to take action helps to improve efficiency and reduce operating costs.
Multiple Detection Engines
One of the ways we change our “perspective” when looking for malicious activities on your network is by using different detection engines. It’s like a doctor using an X-Ray, CT Scan, and an MRI.
Encryption Fingerprinting
Encrypted packets can carry malware just like any other packet. With encryption session signatures, we can determine if the content is likely malicious without needing the decryption key.
Command and Control Server Detection
Determining if a beacon is talking with the outside world can be challenging for most security tools. Since we see every network IP conversation on your network it is much more obvious to us.
Global Threat Intelligence
Comparing the anomalous activity we see on your network with public, private and government Intelligence sources helps us to triage, correlate and investigate potential threats quickly.
Data Portability
Share detailed information with other cybersecurity applications. Export data to your SIEM or SOAR platform for case enrichment or send custom PCAPs for further analysis and archiving.
24×7 Support
As a boutique security consultancy, customer service is a top priority and real differentiator. If you have any concerns, you can reach an elite support engineer 24 hours a day, 7 days per week.
Dashboards and Reporting
Our clients see everything we are monitoring and tracking. The purpose-built security dashboard is how our threat hunters research, investigate and remediate your incidents.
Peace of Mind
Most security products try to stop the bad guys from getting in. But what if they’re already in? How would you know? Rest assured that we’re watching every packet for anomalous behavior.
Why should I choose PacketWatch?
FIND THINGS OTHER SECURITY TOOLS MISS
Uncover Malicious Activity
Expose Misconfigured Devices
Identify Vulnerable Assets
Reveal Policy Violations
Increase Network Visibility
ELEVATE YOUR SECURITY OPERATIONS
Improve Threat Hunting & Tools
Provide Cybersecurity Oversight
Verify Security Controls
Audit Security Processes and Investments
Add PacketWatch Experts to Your Team
PACKETWATCH IS EASY TO JUSTIFY
Quick Installation, No Agents to Deploy
Passive and Thorough Data Collection
Immediate Results and Obvious ROI
Affordable, Monthly Managed Service
Thirty (30) Day Cancellation Policy
What are PacketWatch clients saying?
“We engaged the PacketWatch team for a 30-Day Network Security Assessment. Almost immediately after deployment, they called to tell us they found several major network configuration errors that left our perimeter vulnerable to attack. The PacketWatch team immediately helped us make the necessary changes and tested the new configurations. What we accomplished in that first week justified the cost of the entire assessment for us!”
What does PacketWatch help me monitor and investigate?
PacketWatch Dashboard
The PacketWatch Dashboard is designed to bring together select results and analytics to help you quickly identify known and unknown threats emerging in your network. At a glance, you can review geospatial, protocol, signature, command and control, DNS, inventory and reputational analysis in a single pane of glass. Colors and alerts visually direct your attention to significant events and detections requiring further evaluation. A threat hunter can quickly drill down to additional levels of detail for each dashboard module and alert.
Security
The Security page is a threat hunter’s starting point for gathering new and different leads to pursue. This page summarizes known threats observed in the network from a collection of over 83,000 public, private and government threat intelligence sources.
Network
The Network page summarizes packet-level and flow data collected from your network to provide additional insights into observations and anomalies from normalized behaviors.
Detections Overview
The first Detections page provides additional information on observed alerts—including packet-level details on observed threats and indicators of compromise (IOC).
Detections Detail
The second Detections page allows you to search, sort and categorize observed indicators of compromise (IOC) over time to facilitate prioritization and timely adjudication of alerts.
Investigate Overview
The first Investigate page allows you to search, categorize and analyze packet-level metadata in seconds to validate indicators of compromise (IOC).
Investigate Details
The second Investigate page lets you create custom PCAPs for archival purposes or further analysis in other network tools. Export collected data and analyses to your SIEM or other security tools for further correlation.
PacketWatch Advisory Services
PacketWatch Advisory Services are incremental to our standard product and service offerings. You can mix and match the services to build a custom program specific to your requirements. You do not have to be a PacketWatch client to take advantage of these services. Education programs are always customized to meet your specific end-user requirements. Contact us today to get started!
- Digital Investigation and Forensics
- Risk Assessment
- Security Controls Assessment
- Vulnerability Assessment
- Incident Response Plan Development
- BCDR Plan Development
- Security Policy and Governance
- Education Programs
Visit Our Blog
Your Enemy Can Be Your Best Teacher
This quote attributed to the Dalai Lama inspired our analysts to take a thoughtful approach to monitoring our external nodes. We wanted to answer the question – what are the top 20 ports the top 3 cyber threat actor countries are hitting? Could the targeting from countries such as China, Russia, and Iran give us some insights into what they’re trying to exploit?
Living Off the Land (LOTL): A Case Study
During a recent incident involving LockBit ransomware, we discovered a persistent credential stealer that was hidden as a scheduled task/process. We did a significant amount of investigation before unraveling the clues of what was creating alerts and attempting to beacon-out to certain IP addresses in Latvia.
THIS MEMORIAL DAY WEEKEND: RANSOMWARE
Since May 4th, we have seen an eye-catching increase in cyber incidents, email compromise, and ransomware attacks.
As we approach the US Holiday, Memorial Day, we expect this increase to continue. To help improve your awareness, we offer the following trends and fairly consistent indicators pointing back to Eastern European and Russian criminal actors.