TMCnet News

CSPi Develops Advanced Forensic Framework for Cyber Threat Identification and Analysis
[March 28, 2017]

BOSTON, March 28, 2017 (GLOBE NEWSWIRE) -- CSPi Inc. (NASDAQ:CSPi), a provider of managed security and IT technology security services and packet capture solutions, today announces CSPi’s Advanced Forensic Framework, specifically designed to assist security resources in protecting their most critical data by quickly visualizing, detecting and capturing all suspicious activity.

Enterprises of all sizes often struggle with getting to the bottom of threats, and can easily be overwhelmed by the volume of limited-value information generated by firewalls and intrusion detection systems (IDS). Security information and event management systems (SIEMs) were thought to be the answer but only exacerbated the problem by merely aggregating incomplete log and netflow data. In addition, SIEMs are impractical for most organizations, as they are costly to maintain ($100s of thousands annually) and require a 24 x 365 team of highly skilled SOC resources.

“We have seen our customers struggle with the challenges associated with enterprise security – too much, or lack of the right data to analyze to determine the scope of a breach and an inability to quickly perform forensics on the data at hand,” said Gary Southwell, General Manager, CSPi. “For companies in regulated industries it is even more important to solve these challenges in order to adhere to data privacy laws, such as the EU’s GDPR which is coming online in 2018. We took a much more pragmatic approach to the problem, placing focus on the data that must be protected at all costs, an organization’s PII, financial transactions and/or intellectual property.”

The vast majority of the time, enterprises, nonprofits, and government agencies - relying solely on metadata from tools such as firewalls, IDS or SIEMs to analyze a cyber breach - will fail to meet the latest auditing requirements for receiving cyber insurance reimbursement, as they must explain:

1) What devices are involved and to what degree?

2) When did the breach start and when did it end?

3) What critical databases and/or files were accessed?

4) If I replay the initiating attack data, do my new patches stop the attack?

The CSPi solution framework provides answers to all of these questions and more, reducing the time and money spent collecting and sorting out this information.

“The standard approach to cyber-attack detection has been to monitor all network traffic and hope that your security tools identify and thwart attacks.  However, when you try to protect everything, you typically end up protecting nothing,” said William Bent, Product Manager at CSPi. “The loss of critical business data would be devastating to a company’s operations, its customers, patents, and employees, so why spend precious resources monitoring anything else before you adequately protect what is most important?”

CSPi’s Advanced Forensic Framework is powered by the recently announced Myricom nVoy Series, which can be dropped into any existing security infrastructure and dramatically changes the approach to detecting and verifying threats against critical data.

The Myricom nVoy Packet Broker dramatically reduces the amount of data with its powerful filtering, replication and load-balancing capabilities, allowing direct access to the data that security resources are most interested in, such as specific traffic at risk (i.e., those transactions to and from the organization’s critical databases and files).

The nVoy Packet Recorder stores and indexes all such data flows and allows quick access, and replay from its timestamped, searchable index.  The detailed recorded data fills the gaps left by the alert log metadata by providing not only the complete scope of the attack but the detailed data of what occurred.  This is crucial in fulfilling compliance requirements for data privacy laws such as NIST, SOX and DSS.

To learn more, go to: www.cspi.com/forensic-framework 

About CSPi
CSPi (NASDAQ:CSPI) maintains two distinct divisions: High Performance Products and Technology Solutions. CSPi's GmbH Technology Solutions subsidiary has been active in the German market for over 40 years, formally conducting business as Modcomp. The Technology Solutions division provides innovative technology solutions for network solutions, wireless and mobility, unified communications and collaboration, data center solutions, and advanced security, as well as the Vital Managed IT Services offering across those technology focus areas. CSPi's High Performance Products division offers extreme network performance with the Myricom(R) ARC Series of network adapters, which are purpose-built for diverse applications, including cybersecurity, financial trading, content creation/distribution, storage networking applications as well as computer signal processing systems. For more information, please visit www.cspi.com.

Contact Information

For Press
Amy Carey
CSPi, Inc. 
Tel: 978-663-7598
Email: [email protected]
