- TL;DR
- What’s Teleseer?
- Who is it for?
- Why it’s awesome
- How I discovered Teleseer
- What caught my attention
- Network visibility problem: Convergent Approach vs. Divergent Approach
- Why I stuck with it
- Reporting
- Compliance
- CIS Critical Security Controls (CIS CSC)
I am not endorsed by or affiliated with Teleseer, and everything in this post is my own opinion, research and experience.
TL;DR
Here I’d like to do a quick tech review of a new SaaS tool that I found amazing. It’s called Teleseer, and it’s basically a network visualization tool. You only need to upload a PCAP file (packet capture file) and it starts graphing the connections between nodes on the network based on the packets’ contents. The resulting map is very visual and comprehensive.
What’s Teleseer?
In their own words:
Cyberspatial's mission is to make powerful, easy-to-use cyber defense tools accessible to everyone. Teleseer is a PCAP-based network visibility and analysis tool that provides mapping, discovery, and validation of your network attack surface. It's scanless, agentless, zero-hardware so you get immediate insights with minimal setup.
Docs:
Who is it for?
This tool is a companion for:
- Network Administrators
- It can “merge” PCAP files over time, so you can, for example, run a capture once a week and upload each PCAP to Teleseer to make new discoveries, a kind of recurring “network sweep”.
- Penetration Testers
- Just run tcpdump or Wireshark for a while, then upload the capture to Teleseer to get a better look at the network you have just gained access to.
- Incident responders & Malware analysts
- If a PCAP file is available after an incident, it helps give more visibility into what was going on in the network over that period of time.
- In active malware analysis, we can tap our network and figure out which connections are being made. Obviously it only covers network traffic, not host processes, but when the scenario requires network analysis this can be very helpful.
- Security Architects
Why it’s awesome
We only need to “tap” into the network with tcpdump or Wireshark, save the PCAP and upload it to Teleseer. It does the network mapping for us automatically: not only our LANs but also the WAN side, so we get visibility into external connections.
How I discovered Teleseer
This video popped up in my Youtube feed by Ricky Tan:
Here he describes his struggles with building his startup, and also the problem he is trying to solve with his SaaS tool.
I was sold from the first watch.
Check out their YouTube channel, which is full of very cool videos and showcases. It’s also a very informative cybersecurity channel.
What caught my attention
Network visibility is a problem that is very hard, and sometimes expensive, to address.
Network visibility problem: Convergent Approach vs. Divergent Approach
Teleseer takes a convergent approach to this problem by means of passive scanning. While the divergent approach of other tools (Nmap, runZero, etc.), actively scanning the networks, is extremely useful, we sometimes need to take “snapshots” of our networks, and packet captures are the most truthful way to do this.
The problem it addresses is a real struggle, and it solves it quickly and at a very reasonable price. Although the video itself is a sales pitch, I liked his transparency about the process, which made me bond a little with Teleseer.
So I immediately hopped on to Teleseer and started trying it.
Teleseer was very inspiring for me: they found a problem and they solved it. Maybe I’m only an early adopter, but I felt like I was helping out by giving it a spin and analyzing the GUI (or rather the WUI). I even felt compelled to write this blog post about it.
Why I stuck with it
I’ve always had this problem of mapping out networks. In private clouds or private networks, there are times when we just need visibility into what’s going on.
After watching that video, in no more than 10 minutes:
- I signed up
- Started tapping into my network with Wireshark and let it capture for 5 minutes while I was setting up my account,
- Stopped the capture, saved it and uploaded this first PCAP to my account.
And that was it. I had a network visualization of my sandbox network, communication, inventory, protocols, etc.
I didn’t do this with tcpdump, but if Wireshark is not available (on a remote host, say), we can achieve the same with:
# capture traffic from interface eth0, for 100 packets only, write output to capture.pcap
sudo tcpdump -i eth0 -c 100 -w capture.pcap
There’s a full dashboard to visualize communications by type, protocol, country, make inventory of assets, and so on. Very useful.
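To make concrete what a PCAP-based mapper does with an uploaded capture (the node/connection graph from the TL;DR, the asset inventory, and the “merge captures over time” idea from the Network Administrators section), here is a small stdlib-only Python example. It is added for this post and is not Teleseer’s code; the pcap bytes are constructed inline with private and documentation-range addresses rather than taken from a real capture.

```python
import struct
from collections import defaultdict

def parse_pcap(data):
    """Yield (src, dst, proto) for every IPv4 packet in a classic libpcap byte string."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:  # link type 1 = Ethernet
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # skip non-IPv4 frames (ARP, IPv6, ...)
            continue
        src = ".".join(map(str, pkt[26:30]))  # IPv4 header starts at byte 14 of the frame
        dst = ".".join(map(str, pkt[30:34]))
        yield src, dst, pkt[23]  # byte 23 is the IP protocol number (6 = TCP, 17 = UDP)

def network_map(*captures):
    """Merge any number of captures into one map {(src, dst, proto): packet count}."""
    graph = defaultdict(int)
    for cap in captures:  # each weekly/daily PCAP simply adds to the same graph
        for src, dst, proto in parse_pcap(cap):
            graph[(src, dst, proto)] += 1
    return dict(graph)

def hosts(graph):
    """Asset inventory: every address seen as a source or a destination."""
    return sorted({h for s, d, _ in graph for h in (s, d)})

# Constructed sample input (not a real capture): minimal Ethernet/IPv4 frames wrapped
# in a little-endian classic pcap. 10.0.0.0/8 is private, 203.0.113.0/24 is TEST-NET-3.
def ipv4_frame(src, dst, proto):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip  # zeroed MACs, EtherType 0x0800 (IPv4)

def pcap_bytes(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SAMPLE_A = pcap_bytes([ipv4_frame("10.0.0.5", "10.0.0.1", 6), ipv4_frame("10.0.0.5", "10.0.0.1", 6),
                       ipv4_frame("10.0.0.1", "10.0.0.5", 6), ipv4_frame("10.0.0.5", "203.0.113.10", 6),
                       b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28])  # last frame is ARP, skipped
SAMPLE_B = pcap_bytes([ipv4_frame("10.0.0.7", "10.0.0.1", 17), ipv4_frame("10.0.0.5", "10.0.0.1", 6)])
```

Calling `network_map(SAMPLE_A, SAMPLE_B)` yields four edges, with the 10.0.0.5 to 10.0.0.1 TCP edge counted across both captures, and `hosts()` on that map lists the new 10.0.0.7 device that only appeared in the second capture.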
Reporting
We can also export the dashboard visualizations as PDF, PPTX and more. Here’s how it looks:
Compliance
CIS Critical Security Controls (CIS CSC)
The CIS CSC is a set of best practices divided into three categories: Basic, Foundational, and Organizational. Teleseer supports several key controls within these categories:
Basic Controls
- Inventory and Control of Hardware Assets: Teleseer assists in identifying hardware assets by analyzing network traffic and visualizing connections, which helps maintain an accurate inventory of devices.
- Inventory and Control of Software Assets: By identifying thousands of protocols and applications in network traffic, Teleseer helps in maintaining an inventory of software assets.
- Continuous Vulnerability Management: Teleseer's continuous monitoring and analysis capabilities support the identification and management of vulnerabilities in the network.
- Maintenance, Monitoring, and Analysis of Audit Logs: Teleseer provides robust tools for analyzing audit logs, helping organizations maintain and monitor logs for security events.
Foundational Controls
- Malware Defenses: While Teleseer is not a malware defense tool per se, its ability to analyze network traffic can help identify malicious activity indicative of malware presence.
- Data Protection: Teleseer's packet analysis can help identify sensitive data flows and ensure they are protected according to organizational policies.
Organizational Controls
- Application Software Security: By analyzing network traffic, Teleseer can help identify vulnerabilities in application software communicated over the network.
- Incident Response and Management: Teleseer's capabilities in analyzing and correlating event logs support effective incident response and management by providing detailed insights into security incidents.
This was a very brief intro to Teleseer. I wanted to cover why I liked it at first, what drew me into it, and why I will keep using it for more explorations!