Whether you work from home or are otherwise separated from your packets by a data center, VPN link, or a WAN connection, being able to debug packet captures is an important part of keeping your networks running smoothly. The ability for your team to work on captures remotely can have real benefits when it comes to saving time, securing data, and especially increasing efficiency.
At CloudShark, we value all of the web-based tools that we use in our own jobs, whether it’s email clients, chat, GitLab, or Clubhouse. They help us collaborate faster. With more of us working from home today, they also help us work together easily as a distributed team.
When we designed CS Enterprise, our aim was to apply these benefits to network and security analysts looking at packet captures. We wanted to make it the way to remotely analyze PCAPs in your web browser. We love applying web-centric thinking to all sorts of interesting problems. Coordinating a team that is working remotely is one of these unique challenges.
Here are some of the key considerations that went into CS Enterprise that we believe will help your team optimize their network analysis while individuals are working off-site.
Today’s remote workers rely heavily on systems like Slack, Discord, and other chat services, plus key web-based productivity tools like Google Docs, GitLab, and the Atlassian suite. They’re working asynchronously at the speed of sharing, passing information and links to resources to collaborate more easily.
CloudShark lets your whole team work with captures and “level up” in the same way they are with other processes. Anyone who can click on a link can start looking at packets. They can post links directly to problems, analysis, and solutions, with tools like tags, comments, and context-specific views to help distributed teams stay in sync.
Profiles, in particular, are a tool used by many packet analysts, and they are a huge benefit when applied to team-based work. Coupled with saved display filters, they encourage faster, collaborative problem solving without each team member repeating the same work.
Packet captures contain all of the data that moves across your network. That includes any sensitive corporate information, and especially customer data that should be kept private (particularly in healthcare with HIPAA requirements). Sharing captures as attachments or downloading them locally to remote workstations creates a security problem and may also violate policy. This is especially true when the security of the remote edge network is not easily guaranteed. Moreover, captures can be lost, and it’s easy to lose track of the number of copies on laptops, home computers, or embedded in email clients.
In addition, anyone working on encrypted data will need access to decryption keys. Having them download the keys to local machines to perform their work is not a secure practice.
A key piece of CS Enterprise’s architecture is the capture repository. This lets you store captures in a centralized database that can be accessed over secure transmission technologies like HTTPS/TLS 1.3, and allows a direct way to work with them. This eliminates the need to work with multiple copies of captures, and lets valuable metadata be applied for sorting and searching.
Moreover, we realized that working with encryption keys wasn’t just easier, but drastically safer when they are centralized and able to be applied to captures without the end-user having direct access to them. Secure storage and application of encryption keys strongly improves the ability to analyze encrypted data, which has become the norm.
Packet captures of an incident or network issue can be large. Sending PCAPs over email, or even accessing them from a file-store when working with locally installed software, can eat up bandwidth on your corporate WAN and put stress on VPN connections. Working through a remote desktop like VNC to access files and software can also be a resource hog. This is especially true when these systems are feeling the load of an increased remote workforce.
One major difference of working with CloudShark is the ability to work with PCAP without requiring the full capture in the client. This makes remote work more realistic for your network infrastructure. It also greatly accelerates the speed at which you can view capture data and share information with your team. This is true even for captures with a large number of packets, thanks to the improvements we made when incorporating CS TraceFrame as the engine behind processing packets.
We know that building and securing networks is a difficult job and we hope that these considerations will help your team provide safety, security and reliability to your users.
CloudShark is the way to remotely analyze PCAPs in your web browser. It’s built for working together, even when you’re far apart. If this sounds like something that would help you, please let us know. We’re here to help you understand it.
Photo credit Goran Ivos via Unsplash