Enhance Threat Response with Cloud-Based Packet Capture
Streamline and enrich security incident investigations, forensics, and threat detection.
Empower your team to resolve security incidents faster
The Problem
Access to past traffic content is critical
Poor performance and scalability
Hardware-bound legacy solutions can't decrypt and capture today's massive volume of traffic efficiently.
High infrastructure and bandwidth costs
Legacy solutions capture all content regardless of risk relevance, creating high volumes of low-interest capture.
Complexity in analysis
Analyzing the vast amounts of data collected by legacy PCAP solutions can be complex and time-consuming.
Solution Overview
Get secure and seamless access to traffic content
Easily capture decrypted traffic via specific criteria in Zscaler policy engines.
Traffic Capture enables you to incorporate capture decisions into existing policies across URL filtering, malware protection, advanced threat protection, firewall and IPS control, DNS control, and file type control.
By defining granular policies and rules for capturing specific content, you can concentrate on packets and full content related to risky events identified by advanced threat and malware detection signatures, threat intelligence, AI/ML as well as flexible and specific policy controls.
Traffic Capture is part of Zscaler Internet Access™, the world’s most-deployed security service edge (SSE) solution.
Benefits
Reduce time, effort, and cost to capture traffic content
Cut costs and complexity
Decrypt and capture traffic content without a legacy appliance-based solution, saving countless hours and expense.
Reduce infrastructure and bandwidth costs
Define policy-level criteria to capture only content associated with risky events, rather than all content, avoiding further added costs.
Safeguard your data your way
Securely store captured data as PCAP files in your preferred external storage.
Use Cases
Power superior security forensics
Capture some traffic for extended periods to support threat hunting and many forensic/incident response investigation needs.
Study and replay traffic that might have caused a threat signature or other detection to trigger a false positive.
Test new threat signatures or detections of any kind against known threat activity in real traffic content.
Capture traffic content to comply with regulatory compliance requirements.
Scopri il potere di Zscaler Zero Trust Exchange
Una piattaforma completa per proteggere, semplificare e trasformare il tuo business
01 Operazioni di sicurezza
Riduci il rischio, rileva le violazioni e contienile con informazioni utili fornite da una piattaforma unificata
02 Protezione dalle minacce informatiche
Proteggi utenti, dispositivi e workload da compromissioni e movimento laterale delle minacce
03 Sicurezza dei dati
Impiega l'ispezione TLS/SSL completa su larga scala per ottenere una sicurezza integrale dei dati in tutta la piattaforma SSE
04 Zero Trust per filiali e cloud
Connetti utenti, dispositivi e workload all'interno delle filiali e tra queste, cloud e data center
FAQs
Packet capture (PCAP) technology captures and analyzes network packets. Security practitioners and threat researchers use this packet data in forensic analysis, incident investigation, false positives review, threat signature testing, and compliance assurance.
Packet Capture (PCAP) intercepts and records data packets traversing a network in real time. PCAP files contain IP addresses, network packet header data, HTTP request and possibly response headers, and content associated with a specific policy criteria match. An administrator can limit the volume of data captured per matched policy as well as control the frequency of capture.
Request a demo
Let our experts show you the power and efficiency of cloud-based Traffic Capture.