Case Study: Healthcare Pharmaceutical Biotech achieves automated incident response and extended packet retention with Riverbed Alluvio AppResponse

Automating Incident Response with Riverbed AppResponse

A global biopharmaceutical company deployed the Alluvio Unified NPM suite to gain full-fidelity visibility across network and application layers, but faced a common challenge: security alerts often require packet-level evidence long after events occur. With AppResponse set to retain about 24 hours of packet data and physical storage limits, important packets needed for investigations risked aging out before they could be analyzed.

Riverbed professional services built an automated two-step API workflow that locates AppResponse appliances with matching IP/port/time ranges, retrieves the relevant PCAPs, and saves them to a secure FTP repository; a web frontend and email notifications let security teams schedule and access captures easily. The solution preserves packet evidence on demand, accelerates forensic investigations, and effectively extends packet retention and AppResponse ROI without requiring additional storage hardware.