Empower your team to resolve security incidents faster
The Problem
Access to past traffic content is critical
Poor performance and scalability
Hardware-bound legacy solutions can't decrypt and capture today's massive volume of traffic efficiently.
High infrastructure and bandwidth costs
Legacy solutions capture all content regardless of risk relevance, creating high volumes of low-interest capture.
Complexity in analysis
Analyzing the vast amounts of data collected by legacy PCAP solutions can be complex and time-consuming.
Solution Overview
Get secure and seamless access to traffic content
Easily capture decrypted traffic via specific criteria in Zscaler policy engines.
Traffic Capture enables you to incorporate capture decisions into existing policies across URL filtering, malware protection, advanced threat protection, firewall and IPS control, DNS control, and file type control.
By defining granular policies and rules for capturing specific content, you can concentrate on packets and full content related to risky events identified by advanced threat and malware detection signatures, threat intelligence, and AI/ML, as well as by flexible and specific policy controls.
Traffic Capture is part of Zscaler Internet Access™, the world’s most-deployed security service edge (SSE) solution.
Benefits
Reduce time, effort, and cost to capture traffic content

Cut costs and complexity
Decrypt and capture traffic content without a legacy appliance-based solution, saving countless hours and expense.

Reduce infrastructure and bandwidth costs
Define policy-level criteria to capture only content associated with risky events, rather than all content, avoiding further added costs.

Safeguard your data your way
Securely store captured data as PCAP files in your preferred external storage.
Use Cases
Power superior security forensics

Capture some traffic for extended periods to support threat hunting and many forensic/incident response investigation needs.

Study and replay traffic that might have caused a threat signature or other detection to trigger a false positive.

Test new threat signatures or detections of any kind against known threat activity in real traffic content.

Capture traffic content to meet regulatory compliance requirements.
Discover the power of the Zscaler Zero Trust Exchange
A comprehensive platform to secure, simplify, and transform your business
01 Security Operations
Reduce risk, and detect and contain breaches, with actionable insights from a unified platform
02 Cyberthreat Protection
Protect users, devices, and workloads from compromise and lateral movement of threats
03 Data Security
Leverage full TLS/SSL inspection at scale for complete data security across the SSE platform
04 Zero Trust for Branch and Cloud
Connect users, devices, and workloads between and within the branch, cloud, and data center
FAQs
Packet capture (PCAP) technology captures and analyzes network packets. Security practitioners and threat researchers use this packet data in forensic analysis, incident investigation, false positives review, threat signature testing, and compliance assurance.
Packet Capture (PCAP) intercepts and records data packets traversing a network in real time. PCAP files contain IP addresses, network packet header data, HTTP request and possibly response headers, and content associated with a specific policy criteria match. An administrator can limit the volume of data captured per matched policy, as well as control the frequency of capture.
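To make concrete what a PCAP file holds (the IP addresses, packet header fields and HTTP request headers the answer above lists) and what a per-policy volume limit looks like, here is an added example that is not part of this page or of Zscaler's product. It is a small reader for the classic pcap file format (the 24-byte global header followed by 16-byte per-packet records, link type Ethernet), a decoder for Ethernet/IPv4/TCP frames that pulls out an HTTP/1.x request line and headers when present, and a byte-budget class that refuses captures once a policy's cap is spent. The sample PCAP bytes are constructed inline so the code runs offline; the policy identifiers, the budget class and its cap are assumptions for illustration, not Zscaler settings.

```python
"""Minimal classic-pcap reader plus a constructed per-policy capture budget (added example)."""
import socket
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4   # microsecond-resolution pcap magic as read from a little-endian writer
PCAP_MAGIC_BE = 0xD4C3B2A1   # the same magic read through a little-endian lens when the writer was big-endian
LINKTYPE_ETHERNET = 1


@dataclass
class Record:
    timestamp: float
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    request_line: Optional[str]                    # e.g. "GET /login HTTP/1.1"; None when not HTTP
    headers: Dict[str, str] = field(default_factory=dict)   # lower-cased header name -> value


def parse_http_request(payload: bytes) -> Tuple[Optional[str], Dict[str, str]]:
    """Return (request line, headers) if the TCP payload starts an HTTP/1.x request, else (None, {})."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None, {}
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers


def parse_frame(pkt: bytes, timestamp: float) -> Optional[Record]:
    """Decode an Ethernet/IPv4/TCP frame; anything else (ARP, UDP, IPv6) is skipped."""
    if len(pkt) < 14 + 20 + 20 or struct.unpack("!H", pkt[12:14])[0] != 0x0800:
        return None
    ihl = (pkt[14] & 0x0F) * 4                    # IPv4 header length in bytes
    if pkt[23] != 6:                              # IP protocol 6 = TCP
        return None
    src_ip, dst_ip = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
    tcp = 14 + ihl
    src_port, dst_port = struct.unpack("!HH", pkt[tcp:tcp + 4])
    data_off = (pkt[tcp + 12] >> 4) * 4           # TCP header length in bytes
    request_line, headers = parse_http_request(pkt[tcp + data_off:])
    return Record(timestamp, src_ip, dst_ip, src_port, dst_port, request_line, headers)


def parse_pcap(data: bytes):
    """Walk the global header and packet records of a classic pcap byte string."""
    if len(data) < 24:
        raise ValueError("too short to hold a pcap global header")
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng uses a different layout)")
    _, _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        pkt = data[off:off + incl_len]
        if len(pkt) != incl_len:                  # file cut off mid-record (capture stopped while writing)
            raise ValueError("truncated packet record")
        off += incl_len
        rec = parse_frame(pkt, ts_sec + ts_usec / 1e6)
        if rec is not None:
            records.append(rec)
    return records


class CaptureBudget:
    """Assumed per-policy byte cap: admit a capture only while the policy's budget lasts."""

    def __init__(self, max_bytes_per_policy: int):
        self.cap = max_bytes_per_policy
        self.used: Dict[str, int] = {}

    def admit(self, policy_id: str, nbytes: int) -> bool:
        if self.used.get(policy_id, 0) + nbytes > self.cap:
            return False
        self.used[policy_id] = self.used.get(policy_id, 0) + nbytes
        return True


def build_frame(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero because nothing here validates them."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_sample_pcap() -> bytes:
    """Constructed two-record capture: a plaintext HTTP GET and an opaque TLS-looking payload."""
    frames = [
        build_frame("10.0.0.5", "203.0.113.10", 50432, 80,
                    b"GET /login HTTP/1.1\r\nHost: example.com\r\nUser-Agent: test\r\n\r\n"),
        build_frame("10.0.0.5", "203.0.113.10", 50433, 443, b"\x16\x03\x01\x00\x05hello"),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    for rec in parse_pcap(build_sample_pcap()):
        print(rec.src_ip, "->", rec.dst_ip, rec.dst_port, rec.request_line, rec.headers)
```

The second record shows why the page stresses decrypted capture: a TLS record carries no readable request line or headers, so a parser sees only addresses and ports, whereas the HTTP record yields the `Host` and `User-Agent` values a forensic review would want. The budget class is the simplest form of the volume limit the answer mentions; a real deployment would also need the frequency control, which this example does not model.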
Request a demo
Let our experts show you the power and efficiency of cloud-based Traffic Capture.