
Network Monitor - Expanding its functionality



Posted

Kaspersky has a world class detection engine and security network that fast tracks viruses that are found and detected.

 

Although world class detection is something to be proud of, the reality is that some viruses will infect a machine until it is found and removed.

 

It's known that part of the investigation of hacks involves tracing an attacker's footsteps if possible.

Seeing that Kaspersky already has a Network Monitor, why not put some resources to enhance it to be world class as well?

 

Some ideas: capture traffic (and domain name) of all inbound/outbound traffic until a certain period of time for investigative purposes?

 

I recall many years ago, Kaspersky had filters that would block based on Geo boundaries. If you didn't want traffic to/from any addresses in China, it was a simple click of a radio button.

 

The log of all network traffic should be searchable, similar to the log of events that Kaspersky keeps (i.e. when Application Control started, warnings, etc.).

 

Just a thought boys (and girls).

Posted

Hi @celsurf,

Capturing traffic is a very intensive process, taking lots of disk space, loading CPU, etc. You definitely would not want to have any software dumping all the traffic all the time. We have a utility that dumps network traffic; it is used to troubleshoot various issues, and the resulting data is huge, even when it runs for a short period of time.

Regards,

Igor

Posted

Hi @celsurf,

Capturing traffic is a very intensive process, taking lots of disk space, loading CPU, etc. You definitely would not want to have any software dumping all the traffic all the time. We have a utility that dumps network traffic; it is used to troubleshoot various issues, and the resulting data is huge, even when it runs for a short period of time.

Regards,

Igor

 

Thank you

This topic is now closed to further replies.

