Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
While insider threats aren't as prevalent as attacks from outside a network, insiders' malicious activity tends to have far greater consequences. Insiders know precisely where to go to access the most sensitive information, and they often have ready means to carry out malicious actions. One way to detect and protect against such threats is to log, monitor and audit employee online actions. Today we'll look at three products that are well suited to detecting insider threats.
In April 2008, PacketMotion released its new PacketSentry 3.0 product. PacketSentry provides a thorough level of detail about what each user is doing on the network, and it presents that information in language business people can understand. Because the data is real-time, it’s possible to identify improper actions and respond immediately.
PacketSentry connects directly to Active Directory so that network activity can be traced to specific users instead of to IP addresses. A probe captures network traffic and merges it with the Active Directory information, creating "user-action records." Rules can be applied to the user-action records to define which activities are out of bounds in a business context. When a rule is being violated, an alert prompts an appropriate response.
For example, suppose a bank teller has full privileges to view customer account balances as part of her job. It would be unusual, however, for the teller to view the balances of hundreds of accounts in one day. This type of activity might indicate she is looking for a target account from which to siphon funds. An administrator can establish a rule to create an alert or other action if the teller views too many accounts in a period of time. PacketMotion calls this "actionable intelligence."
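The teller rule above is a per-user threshold on distinct accounts viewed inside a time window. The following is an added illustration of that kind of rule run over constructed user-action records; it is not PacketMotion's code, and the record fields, the `view_balance` action name, the threshold and the window are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class UserAction:
    """One user-action record: traffic already attributed to an AD user (assumed layout)."""
    user: str        # Active Directory account name, not an IP address
    ts: datetime     # time the action was observed on the wire
    action: str      # what was done, e.g. "view_balance"
    resource: str    # what it was done to, e.g. the customer account number

def find_rule_violations(records, action, max_distinct, window):
    """Return {user: peak_distinct} for every user who touched more than
    `max_distinct` different resources with `action` inside any `window`.
    Uses a sliding window over each user's time-sorted records."""
    by_user = defaultdict(list)
    for r in sorted(records, key=lambda r: r.ts):
        if r.action == action:          # other actions do not count toward this rule
            by_user[r.user].append(r)
    violations = {}
    for user, acts in by_user.items():
        start, counts = 0, defaultdict(int)   # resource -> hits inside the window
        for r in acts:
            counts[r.resource] += 1
            while r.ts - acts[start].ts >= window:   # drop records that aged out
                old = acts[start].resource
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) > max_distinct:
                violations[user] = max(violations.get(user, 0), len(counts))
    return violations

def sample_records():
    """Constructed sample data, not real PacketSentry output."""
    t0, recs = datetime(2008, 7, 8, 9, 0), []
    for i in range(6):   # alice pages through six different accounts in two hours
        recs.append(UserAction("alice", t0 + timedelta(minutes=20 * i), "view_balance", f"ACCT-{1001 + i}"))
    for i in range(10):  # bob looks up the same account ten times: one distinct account
        recs.append(UserAction("bob", t0 + timedelta(minutes=5 * i), "view_balance", "ACCT-2001"))
    for day in (0, 1):   # dave views three accounts a day on two days; never over three per 24h
        for h in (0, 3, 6):
            recs.append(UserAction("dave", t0 + timedelta(days=day, hours=h), "view_balance", f"ACCT-{3000 + 10 * day + h}"))
    recs.append(UserAction("alice", t0, "login", "workstation-17"))  # ignored: wrong action
    return recs

def run_teller_rule():
    """Alert when a user views more than four distinct accounts in 24 hours (assumed threshold)."""
    return find_rule_violations(sample_records(), "view_balance", max_distinct=4, window=timedelta(hours=24))
```

Only alice trips the rule (peak of six distinct accounts); bob's repeat lookups and dave's spread-out activity stay under the threshold.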
The PacketMotion product comprises two appliance components: the PacketSentry Manager and the PacketSentry Probe. A third component, the PacketSentry Branch Probe, is available for remote-site coverage. The probe gathers user-activity records, detects policy violations and can enforce policy. The manager administers policy, collects the user-activity data and generates alerts for analysis. All user activity is captured, analyzed and controlled in real time.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.
Comments (3)
By Anonymous on July 16, 2008, 2:31 pm
Because the DLP solution(s) which companies are using can NOT accurately block data; therefore they just watch it leave. From my team's analysis, the only company...
Insider threat issues
By Anonymous on July 8, 2008, 10:34 pm
If we could monitor such insider threats, why do we sometimes hear of leakage issues?
What are the false positive rates for these products?
By Anonymous on July 8, 2008, 9:14 pm
Must not be good or the rate would be mentioned.