For many years, criminal outfits have made most of their money from crimes involving violence, intimidation and corruption. Although these tactics are often successful, the physical activities of criminals expose them to law enforcement bodies. For example, to carry out an armed robbery, offenders need to get close to their target, which means that they risk being caught red-handed.
Given the risky nature of traditional methods of crime, it’s not surprising that organized criminals have turned to online lawlessness, so that crime today nearly always involves cybercrime.
It is fairly easy for criminals to commit a crime anonymously from any location, and the risks they bear diminish substantially as a result. Many law enforcement officers now believe that, in terms of profitability, cybercrime will soon outrank some of the major long-established criminal markets such as trading in narcotics or counterfeit goods.
Given this threat, which is growing stronger day by day, companies can’t afford to continue to have a passive, reactive attitude to cyber security. They must thoroughly search for solutions and ultimately introduce tools that assist them in limiting the risk. Network monitoring, including network forensics and the analysis of cyberattacks, is a good approach to take.
The methods used in network forensics enable the recording, storage and analysis of all network traffic. In fact, they allow specialists to examine and analyze planned cyberattacks using almost the same methods that forensic investigators use for traditional crime. When an organisation’s security devices trigger an alarm, network forensics helps IT technicians to see the precise irregularities they need to find evidence of an attack. This option has four distinct advantages for companies that rely on solutions for network forensics:
- The ability to characterize security attacks and eliminate them.
- Additional efficiency through better use of network resources.
- Reduced exposure to breaches of rules and penalties.
- The quick resolution and prevention of network problems that cause security risks and affect productivity and customer service.
In addition, it helps information security professionals to ward off threats in real time and to record important network forensics information on a daily basis, allowing IT technicians to study incidents and better prepare for similar attacks in the future.
President Obama called cyberspace “the new wild west”, a clear indication of the serious threat this new type of crime poses to the business community and consumers. Unfortunately, due to the chaotic development of criminal gangs, they’re usually one step ahead of their victims – but it doesn’t have to be this way. An end-to-end solution for monitoring a network that includes network forensics can help to raise the bar when it comes to the damage that virtual thieves can do.
Cybercriminals have more sophisticated weapons at hand than ever before, which puts new pressure and accountability on information security professionals. In addition, criminals have access to a larger pool of potential targets, including everything from current currency to personal information to intellectual property. Without the proper means of defense, no matter how talented your IT team may be, successfully defending yourselves from cybercrime is almost impossible.
So, are you looking for the answer to help you close security gaps on your network? If so, please feel free to take part in the Savvius Live Web Seminar “Savvius Vigil 2.0: Extending Breach Investigations Like Never Before”. Watch our Director of Product Management, Jay Botelho, and Technical Director, Mandana Javaheri, present Savvius Vigil 2.0, the first network program that can intelligently store information at packet level for months to improve security checks. It interacts with your existing SIEMs (IDS/IPS) to control the security of network packets.
Network data is critical in every security investigation
Savvius Vigil automates the collection of network traffic needed for security investigations into both alerts, reducing the likelihood of a breach, and into breaches, minimizing their impact. Even breaches not discovered for months can be effectively investigated using Vigil. Savvius Vigil, which integrates with all leading IDS/IPS systems, includes Omnipeek, award-winning network forensics software.
How It Works
Savvius Vigil integrates with your existing SIEM’s IDS/IPS capabilities to trigger storage of network packets. Savvius Vigil integrates events from multiple sources, including network conversations with specified IP addresses. Traffic between relevant nodes is captured before and after the triggered events. Optionally, all related traffic to and from an event’s IP addresses is captured as well.
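The alert-triggered retention described above, sketched as an added example (not Savvius code and not from the original page): a short rolling buffer holds recent packets, and an IDS alert promotes traffic between the alert's two addresses, before and after the event, to long-term storage. The class name, the 60-second windows and the sample records are assumptions made for illustration.

```python
from collections import deque, namedtuple

Packet = namedtuple("Packet", "ts src dst")
Alert = namedtuple("Alert", "ts src dst")

class TriggeredCapture:
    """Keep a short rolling buffer; promote packets to long-term storage on an alert."""
    def __init__(self, pre=60, post=60, related=False):
        self.pre, self.post, self.related = pre, post, related
        self.ring = deque()   # recent packets, discarded once older than `pre`
        self.open = []        # alerts whose post-event window is still open
        self.retained = []    # packets kept for later investigation

    def _wanted(self, pkt, alert):
        if not alert.ts - self.pre <= pkt.ts <= alert.ts + self.post:
            return False
        ends, nodes = {pkt.src, pkt.dst}, {alert.src, alert.dst}
        # related=True: any traffic to or from either alert address
        return bool(ends & nodes) if self.related else ends == nodes

    def on_packet(self, pkt):
        while self.ring and self.ring[0].ts < pkt.ts - self.pre:
            self.ring.popleft()                       # age out the buffer
        self.open = [a for a in self.open if a.ts + self.post >= pkt.ts]
        if any(self._wanted(pkt, a) for a in self.open):
            self.retained.append(pkt)                 # post-event traffic
        else:
            self.ring.append(pkt)

    def on_alert(self, alert):
        # Assumes the alert arrives promptly, before the ring ages out pre-event traffic.
        self.open.append(alert)
        self.retained += [p for p in self.ring if self._wanted(p, alert)]
        self.ring = deque(p for p in self.ring if not self._wanted(p, alert))

# Constructed sample: (ts, src, dst); one IDS alert at t=130.
SAMPLE = [(0, "10.0.0.5", "203.0.113.9"), (100, "10.0.0.5", "203.0.113.9"),
          (110, "10.0.0.7", "10.0.0.8"), (120, "10.0.0.5", "198.51.100.2"),
          (150, "203.0.113.9", "10.0.0.5"), (170, "10.0.0.9", "203.0.113.9"),
          (200, "10.0.0.5", "203.0.113.9")]
ALERT = Alert(130, "203.0.113.9", "10.0.0.5")

def run(related):
    cap, fired = TriggeredCapture(related=related), False
    for rec in SAMPLE:
        if not fired and rec[0] > ALERT.ts:
            cap.on_alert(ALERT); fired = True
        cap.on_packet(Packet(*rec))
    return sorted(p.ts for p in cap.retained)

if __name__ == "__main__":
    print(run(False), run(True))
```

In a real deployment the rolling buffer has to cover the pre-event window plus the worst-case alert delivery delay, otherwise the pre-event traffic has already been discarded when the alert arrives.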
- 64TB HDD
- Optional 64TB Extended Storage
- 4 port 1/10G Network Adapter
- Savvius Vigil software for monitoring and forensics supports multiple appliances
- Monitoring dashboard with overview, storage use, and event management
- Security Forensics capability, including hierarchical search by date, event, IP address, severity, etc.
Supported IDS/IPS Systems
- HP ArcSight
- Cisco FirePOWER
- Sophos Cyberoam
- IBM QRadar
- Lancope Stealthwatch by Cisco
- McAfee Enterprise Security Manager
- Palo Alto