Network Forensics for Telcos
Telecommunication providers face very unique cybersecurity threats and challenges. In addition to all of the security vulnerabilities and exploits all large enterprises have, the United States and other governments around the world require telecommunication providers to provide support for digital lawful intercept. This means that communication providers must be able to provide law enforcement agencies with the ability to tap or monitor specific communication sessions along with detailed session information, all without the possibility of detection by those being monitored. In order to be capable of responding to digital lawful intercept mandates, providers need the capabilities of active network forensics in order to have a complete digital forensic record of what happens on the communication mediums and networks they provide.
Challenge
Capturing and storing network traffic is a big problem, yet communication providers may be served with a subpoena, warrant or lawful request that requires them to produce all of the emails, instant messages, FTP traffic, or other forms of communication from a specific individual or account that traversed their networks. In fact, the mandate may require that all such communication to or from an entire group of IP addresses be produced and turned over to law enforcement. This could represent a work group, branch office or an entire company.
Responding to such mandates can be very difficult, and failure to comply can result in big penalties.
Network Forensics - The Solution
To respond to these specific needs, Solera Networks can provide communications providers with simple yet powerful network forensics solutions that are capable of full network communications capture, indexing, storage, monitoring and replay.
Solera Networks' line of forensics appliances, combined with lawful intercept management software, provides everything necessary to capture and preserve all digital communication sessions including email, chat, instant messaging and HTTP sessions - along with related intercept information.
With the historical record of network traffic provided by Solera Networks products, communication providers can replay all network traffic and filter based on MAC or IP addresses, packet headers, or payload and application data.
This means that even Internet-based email or other traffic flowing through applications the provider does not own or control can be captured and later replayed.
Within minutes of receiving the warrant, providers can capture traffic and create a record for law enforcement agencies. While not in use collecting data for a warrant, the forensics appliance can be used to capture network traffic to help identify security issues or improve performance.
Problem:
Your telephone company is served with a subpoena, warrant or lawful request that requires you to produce all email from a certain account or IP address. How do you capture mail sent using Yahoo, Gmail, or other Web-based email accounts? How do you comply with e-discovery requirements? (Morgan Stanley was forced to pay $1.5 billion to Ronald Perelman for not delivering email records in a timely manner.)
Solution:
With a historical record of network traffic, you can replay network traffic and filter based on MAC address or IP address using identifiers to filter for email traffic. Replay the filtered traffic to uncover email conversations.
Result:
You can easily deliver a record of email going through your own email system. Plus, the Solera Networks solution will give you a record of Internet-based email that crosses your network, which you don't have direct control over.
Problem:
Your internet service company is served with a subpoena, warrant or lawful request that requires you to produce all IM conversations from a certain account or IP address. How do you capture IM traffic from online accounts like AIM, Yahoo, MSN, etc.? How do you comply with e-discovery requirements?
Solution:
With a historical record of network traffic, you can replay network traffic and filter based on MAC address or IP address using identifiers to filter for IM traffic. Replay the filtered traffic to uncover IM conversations.
Result:
You can easily deliver a record of IM traffic going through your own messaging system. Plus, the Solera Networks solution will give you a record of Internet-based IM that crosses your network, which you don't have direct control over.


