What is Retrospective Network Analysis?

Retrospective network analysis allows you to quickly browse backwards through massive amounts of network traffic to view breaches and anomalies as they happened, within the context of other activity on the network.

Now you can avoid the labor-intensive step of re-creating problems to troubleshoot them.

Traditional packet capture gives administrators insight into networks via packet-level decode and analysis. While these tools are useful in managing mid- to enterprise-level networks, using them to provide administrators enough information to solve subtle or sporadic problems is difficult.

RNA acts like a 24/7 surveillance camera—it is far easier to find the culprit using a stored video of the crime rather than one photograph.

How Retrospective Network Analysis Works

Your Network Recorder
With continually captured data, GigaStor makes it easy to “rewind” your network, determine problem sources, and perform analysis. Retrospective network analysis speeds troubleshooting and provides long-term corporate-wide benefits.

Hold Everything
GigaStor now offers a variety of scalable field options storing 2 TB – 576 TB or can offload to a SAN for nearly unlimited storage. Use the GigaStor calculator to estimate the size of GigaStor you will need.

Revive the Past
GigaStor can take captured traffic and recreate communications in an easy-to-view format. Rebuild web pages (including images), and reconstruct e-mails to gather evidence of network activity.

Comprehensive Analysis
More than a simple network recorder, GigaStor provides long-term, real-time, and post-capture network statistics and allows you to apply expert analysis to view possible problem causes and immediate solutions.

Answer the VoIP Call
Continually monitor VoIP performance. Save or play voice conversations. Obtain high-level VoIP traffic summaries and in-depth call detail records. Track jitter, MOS, and other unified communications statistics.

A Real-World RNA Example

1. Suspicious Web Activity
   HR requests a report on web activity for John Doe, an employee suspected of accessing prohibited web sites using corporate equipment.
2. Go Back in Time
   IT uses the GigaStor’s Time Navigation to quickly isolate and filter down on John Doe’s web traffic for the previous week.
3. Reconstruct Web Pages
   A scan shows suspicious URLs. With GigaStor, the IT manager sees the web page exactly as it appeared on that specific day by reconstructing captured data. The GigaStor’s Stream Reconstruction rebuilds web pages Doe visited during the period in question.
4. GigaStor Provides Evidence
   Evidence allows HR to take appropriate action and enforce corporate policy with the employee.
   

View another example.

Is it the Network, the Application, or Security?

GigaStor's forensic capabilities let you diagnose and resolve network problems through retrospective network analysis. GigaStor operates like a security camera, recording everything traversing the network. It determines if a security breach occurred by comparing historical traffic against thousands of Snort rules to identify attacks and anomalies.

Use the GigaStor to determine the source and time of a security breach:

• View breaches exactly as they happened
• Identify compromised machines and network infrastructure
• Drill down for packet-level forensic analysis
• Reconstruct mined data (VoIP, web pages, documents, e-mails)
• Provide evidence for compliance and security issues
• Use GeoIP capture to aid in determining IP address details such as physical location, country of origin, and service provider

GigaStor plays a significant role in data mining, network forensics, and data-retention compliance. It provides a separate and unaltered view of network activity that can be played back to investigate connections and transactions.