Tech Field Day

The Independent IT Influencer Event


cPacket Network Observability for Deterministic Incident Detection



Security Field Day 13


This video is part of the appearance, “cPacket Presents at Security Field Day 13”. It was recorded as part of Security Field Day 13 at 9:00-10:30 on May 29, 2025.



cPacket enables deterministic incident detection by inspecting every byte in every packet at line rate, delivering real-time visibility into threats like DNS beaconing, volumetric DDoS, and C2 channels. With high-speed, packet-level analytics across hybrid cloud and enterprise networks, security teams gain definitive, actionable insights to accelerate threat detection, incident response, and breach prevention.

cPacket’s approach to incident detection is “deterministic,” meaning it relies on clear, definable thresholds. For threats like DNS beaconing, cPacket’s smart port technology, leveraging FPGAs and ASICs, can inspect every byte in every packet at line rate to perform string matching. This allows for immediate detection of specific domain requests, such as those associated with supply chain attacks, providing a definitive “yes or no” answer regarding infection status.

For volumetric DDoS attacks, cPacket’s ability to count every packet in real-time allows for rapid detection of anomalies, such as an unusually high ratio of SYN packets to SYN/ACK packets (SYN flood) or excessive DNS responses without corresponding requests (DNS amplification). These detections are measured in seconds, providing much faster and more accurate alerts than traditional methods like NetFlow. While cPacket focuses on detection rather than mitigation, these real-time alerts can be used to initiate on-demand mitigation strategies with ISPs or scrubbing centers, particularly crucial for financial services firms that prioritize low latency.

Furthermore, cPacket’s packet capture solutions can identify long-duration, low-traffic sessions, which are characteristic of command and control (C2) channels. By tracking millions of open TCP sessions, even those with minimal data transfer, cPacket can alert security teams to sessions that persist for days or weeks, indicating potential compromise. While this specific capability primarily applies to TCP sessions, the overall approach of leveraging high-speed, pervasive network observability to detect clear deviations from normal behavior offers invaluable, actionable insights for security teams, complementing existing security tools by providing definitive, packet-level evidence of threats.
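The threshold checks described in the two paragraphs above (SYN to SYN/ACK ratio, DNS responses without requests, long-lived low-traffic TCP sessions), sketched as an added Python example. It is not cPacket's code and was not shown in the presentation; the record layouts, sample data, and every threshold value are assumptions chosen for illustration.

```python
from collections import Counter

# All thresholds, field names and sample records below are constructed assumptions.
SYN_RATIO_MAX = 3.0         # SYNs per SYN/ACK within one counting window
DNS_UNSOLICITED_MAX = 100   # DNS responses with no matching request, per window
C2_MIN_AGE_S = 3 * 86400    # TCP session open for at least three days...
C2_MAX_BYTES = 50_000       # ...while having moved almost no data

def syn_flood(flags):
    """flags: TCP flag strings ('S', 'SA', ...) seen for one server in one window."""
    c = Counter(flags)
    ratio = c["S"] / max(c["SA"], 1)   # avoid dividing by zero when nothing is answered
    return ratio > SYN_RATIO_MAX, ratio

def dns_amplification(packets):
    """packets: (kind, host, txid); 'q' = request sent by host, 'r' = response to host."""
    pending, unsolicited = set(), 0
    for kind, host, txid in packets:
        if kind == "q":
            pending.add((host, txid))
        elif (host, txid) in pending:
            pending.discard((host, txid))   # response answers a request we saw
        else:
            unsolicited += 1                # response nobody asked for
    return unsolicited > DNS_UNSOLICITED_MAX, unsolicited

def long_lived_sessions(sessions, now):
    """Return ids of open TCP sessions that are old but nearly silent."""
    return [s["id"] for s in sessions
            if now - s["opened"] >= C2_MIN_AGE_S and s["bytes"] <= C2_MAX_BYTES]

# Constructed sample input (documentation addresses, made-up counters).
NOW = 1_750_000_000
SAMPLE_FLAGS = ["S"] * 900 + ["SA"] * 30
SAMPLE_DNS = ([("q", "192.0.2.5", 1), ("r", "192.0.2.5", 1)]
              + [("r", "192.0.2.9", i) for i in range(500)])
SAMPLE_SESSIONS = [
    {"id": "a", "opened": NOW - 10 * 86400, "bytes": 12_000},         # old and quiet
    {"id": "b", "opened": NOW - 10 * 86400, "bytes": 5_000_000_000},  # old but busy
    {"id": "c", "opened": NOW - 3600, "bytes": 2_000},                # quiet but new
]

if __name__ == "__main__":
    print("SYN flood:", syn_flood(SAMPLE_FLAGS))
    print("DNS amplification:", dns_amplification(SAMPLE_DNS))
    print("Long-lived quiet sessions:", long_lived_sessions(SAMPLE_SESSIONS, NOW))
```

Each check returns a yes/no verdict against a fixed threshold, which is what makes the result reproducible from the same packet counts.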

Personnel: Andy Barnes, Ron Nevo

