When it comes to network forensics, we are primarily dealing with three use cases.
The first is operational intelligence. This tends to manifest in metrics and visibility into availability and performance. Management personnel typically require high-level reporting, whereas network and engineering teams require drill-down capabilities to get root-cause answers quickly. Network forensics is crucial for anyone who needs to drive down mean time to repair or mean time to identify. Organizations such as media companies, ecommerce businesses, and anyone with an online presence where downtime is money use forensics tools on a daily basis.
The second use case is security and compliance. Network forensics can be used to identify traffic patterns that look malicious, DDoS vectors, attempted breaches, and malware. Real-time and historical reports with the ability to associate network activity with devices or users are the foundations of most compliance standards. Organizations of all sizes and in all sectors need to keep their networks secure, which means forensic solutions are a must-have.
The third use case is customer insights. This is business performance analysis, which includes real-time revenue monitoring, event impact, and correlations. The customer in this instance is typically online and requires a stable and fast connection to applications, games, or services. Gaming, media and entertainment, and high-tech are all areas where this is seen as a requirement rather than a nice-to-have.
Thanks to NetFort for the article.