“Packet capture” is a process of intercepting and logging network traffic. Technologies that collect, monitor, and/or analyze network traffic can be useful in searching for and identifying cyber security threats. However, the threat detection capability of network security systems can be dependent upon data fidelity and the total amount of data (e.g., network traffic) that is available for analysis.
When a cyber attack occurs, subsequently identifying the compromised data (e.g., accounts, passwords, etc.) can involve a thorough analysis of the network traffic surrounding the attack. However, some systems are not capable of storing enough network traffic to permit such a thorough analysis. In addition, a security breach may not be discovered until days or months after the cyber attack actually occurs. By that time, the network traffic recorded near the time of the cyber attack is, in some systems, no longer available for analysis.
Additionally, some systems selectively discard certain types of traffic to conserve storage space. This discarded traffic may contain threat signatures that can provide important network security information. Selective recording and discarding of information creates an incomplete record of what actually happened, leaving significant guesswork to security analysis experts.