Full Packet Capture Infrastructure Based on Docker Containers

by Mauricio Espinosa Gomez, Sept. 1, 2017, via SANS Institute

Full packet capture systems have become an important piece of any organization's security infrastructure: having an exact record of events that happened in the past is fundamental for authorized stakeholders who need to establish the cause and effect of relevant incidents. In IT security particularly, every piece of information that flows through the network is treated as a potential risk to the organization. There is no silver bullet that detects or prevents 100% of threats. Attackers are improving their methodologies to circumvent protective