“Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions.”

Simply put, Wireshark is a great tool for network analysis and it is used by IT professionals all around the world. Wireshark is heavily used by Security Analysts and Information Security professionals on a regular basis.

Based on the interesting, and in my opinion accurate, “Voice of the Analyst Study” report by the Cyentia Institute in 2017, Analysts spend their time on 12 broad activities. Because of the many plates Analysts have to keep spinning, they are only able to spend 25% of their time (on average) on real-time monitoring and triage.

I have worked in different Security Operation Centres (SOC) in different industries and I see Wireshark being used all the time, but … the default Wireshark layout and view is not efficient for Cyber investigations!

When investigating network traffic, you need to be able to find suspicious / malicious indicators very quickly.
