Know the Unknown: NetDetectorLive™ - NIKSUN
Challenge
The threat of information theft in today’s porous network infrastructures mandates the use of security surveillance and forensic methods to monitor relevant network traffic and assure that all incidents of information leakage are identified, recorded and made available to those responsible for policy breach investigations. Furthermore, these tools must be flexible enough to adapt to an organization’s cultural and operational environment, providing detailed forensic evidence to a wide range of consumers, from information security specialists to compliance auditors and legal professionals.
Solution
NIKSUN’s NetDetectorLive provides real-time surveillance over enterprise networks, monitoring content within applications to ensure compliance with internal or regulatory (PCI, SOX, HIPAA, etc.) policies. It also provides visibility and control over how sensitive information is being accessed, received and delivered on the network. Such actionable and accurate analysis of the actual content of applications provides a high degree of insight into how services and applications are being used, whether any activity is non-compliant with internal or regulatory policies, and whether the organization is adhering to best-practice models such as ITIL, Six Sigma, etc.
How it Works
NetDetectorLive constantly records the content of all, or a filtered subset of, applications running on the network and matches it against internal and regulatory policy definitions. Users may then search the NIKSUN Network Knowledge Warehouse to understand how sensitive information is moving from one place to another, who moves it and what specifically is being transferred. Signatures, rules and search criteria are prioritized for effective and relevant detection of policy violations.
On detection of a violation, NetDetectorLive generates immediate alarms that identify anomalous events and link them to application sessions, down to packet-level information, so that forensic investigations can be rapidly conducted.
NetDetectorLive provides a clear path to understanding the reason behind a policy breach and the context within which it occurred, and can reconstruct the breach to analyze how, why and with what intent it occurred. Because all network packets are indexed, time-stamped and stored in the NIKSUN Network Knowledge Warehouse, it becomes very easy to identify the cause of the breach, which user(s) were involved, what information was leaked, whether it left the network, to whom it was sent and whether the event was innocent or not.
NetDetectorLive™: Real-time Application Content Monitoring for Policy Compliance
Features & Benefits
- Real-time inbound and outbound application monitoring with granular content search
- Be alerted to internal and regulatory policy breaches as they occur
- Reconstruct application sessions and policy violations for audits and evidence
- Support for lawful intercept and CALEA
- Capture and store all communication sessions to search current and historic user activity
- Replace manual investigation processes with proactive discovery, classification and analysis of diverse applications and protocols
- Full-packet capture and analysis on a variety of interfaces
- Mask sensitive data (such as CCNs and SSNs) to ensure strict policy compliance
- Role based access control
- Plug & Play device with web-based user interface
- Protect intellectual property from information leaks, theft, unauthorized access, insider threats and abuse
- Internal and regulatory compliance verification (PCI, SOX, HIPAA, GLBA, EU Data Protection Directive, etc.)
- Lawful intercept for CALEA warrants; reproduce non-tampered network events as evidence in a court of law
- Clear understanding of the when, what, what else, how of non-compliant network events
- Alignment of performance and security tools to best practices (ITIL, Six Sigma, CQI, CMI, FCAPS, etc.)
Know the Unknown
DATA SHEET
[Figure: Summary of Sessions not in Compliance]
About NIKSUN: NIKSUN is the premier provider of patented multi-timescale network and security monitoring and real-time analysis solutions that identify, alert, analyze and report on incidents that impact performance, security, compliance applications and services. NIKSUN’s Enterprise Solution is the only technology available today that offers large organizations the ability to consolidate views into globally distributed high-speed converged networks according to user responsibilities. NIKSUN empowers organizations to make fast, accurate decisions that assure network performance, security and compliance goals are met and data integrity is protected.
1100 Cornwall Road, Monmouth Junction, NJ 08852
t: +1.732.821.5000 | toll free: +1.888.504.3336 | f: +1.732.821.6000
Application Reconstruction: Preserving the Truth
Besides searching network application content for sensitive information, on the occurrence of an anomalous incident a security administrator has the option to reconstruct the application session within which the anomaly transpired. NetDetectorLive can regenerate exact web, chat, email, FTP and other TCP/IP sessions, within the policy of local environments.
When the consequence of an incident is likely to be deliberated within a court of law, or before an authoritative body (for example, a human resources audit), the information within the NIKSUN Network Knowledge Warehouse can be presented not only as meta-data but also as an exact replication of the incident itself. Non-compliant email, chat, web and other TCP/IP sessions can be reconstructed exactly as they occurred, allowing security administrators to see precisely what the violator had on their screens, as proof of a policy violation. NetDetectorLive’s ability to record incidents and present them as irrefutable evidence of the truth has proved to be of great value to customers, providing a basis for lawful action, non-repudiation and protecting the image of businesses in the face of society and vested stakeholders.
Technical Information
Network Interfaces supported (Full Duplex, Half Duplex): 10/100/1000 Mbps (copper/fiber), T1/E1, V.35, X.21, T3/E3, HSSI, OC3
Protocols Supported: TCP/IP, UDP/IP, IPv6, IPv4, Ethernet, MPLS, Frame Relay, PPP, Bay PPP, CISCO HDLC, PoS, ATM, MLPP, WCP, STAC, VLAN (ISL & IEEE 802.1q), IEEE 802.3 (Ethernet), IP fragments
Form Factors: A variety of 1U and 2U form factors are available. Internal storage starts at 500 GB and scales to 4.5 TB. Unlimited external storage available.
Integration: TACACS+, RADIUS, LDAP and Active Directory
[Figure: Reconstruction of Chat Session with Credit Card Leak]
NIKSUN, the NIKSUN logo, NetDetector, NetVCR, NetVoice are either registered trademarks or trademarks of NIKSUN, Inc. in the United States and/or other countries. Other product & company names mentioned herein may be trademarks of their respective owners. NIKSUN, Inc. shall not be liable for damages of any kind for use of this information, which is subject to change without notice and may include typographical errors and inconsistencies. Copyright© 2008 NIKSUN, Inc. All rights reserved. NK-DS-NDL09.1