How It Works

PacketMotion delivers real-time control of insider threats by capturing user transactions at an unprecedented level of granularity and applying your policies to that data - at wire-speed, enterprise-wide.

The PacketSentry appliance enables organizations to quickly deploy and get immediate results. Connected to a switch port tap, the appliance is completely unobtrusive and does not require agents – nor changes to your existing network, identity or directory services. The PacketSentry system obtains identity states by extracting live user data from network traffic and Windows Domain Controllers. The system also maintains user, asset and group relationships by interfacing with Active Directory.



The PacketSentry appliance works by transparently analyzing sessions at layers 4-7, extracting key metadata, and applying operator pre-defined rules. Captured transaction metadata is then assessed against PacketSentry rules, which determine if the transaction record will be securely sent to the centralized database for subsequent analysis, if an alert will be generated, or if a network transaction violation will be prevented from being fulfilled.

The PacketSentry solution provides real-time activity tracking, alerting, and enforcement while the system manages months of historical records retained online for immediate access. PacketSentry's web console puts a business-level view of network user activity at the operator's fingertips. The system includes built-in dashboards, alerts and extensible report templates that cover monitoring of critical assets and users, business policy, as well as compliance and control validation. Operators gain full visibility into group, user, system access, application use, and data access trends. PacketSentry’s web-like freeform text search further facilitates finding answers to identity-based transactions.

Novice to expert users can easily create granular policies spanning user, group, server, and application activity – all extracted from current Active Directory structure. PacketSentry rules are simple to create, self-descriptive, and powerful. Integrated rule builder functionality offers an easy means to create, test, tune, and activate a broad number of monitoring and control policies. The system can fully simulate proposed rule sets and illustrate results prior to activation across months of historical data. The ability for administrators to quickly fine-tune rules and build in exceptions prior to activation allows for high-confidence rules that virtually eliminate false positives.

PacketSentry leverages existing Active Directory systems, whereby any object changes in the directory will be automatically reflected in the PacketSentry system – reports, rules, alerts and search. This integration not only keeps PacketSentry current, but it also overcomes update and process gaps associated with heterogeneous systems, applications, fileshares, and databases. When a user moves from one group to another, PacketSentry will maintain monitoring and enforcement policies between said groups – even if the application-level controls on those systems have not kept up with the directory change.

PacketSentry policy enforcement is precise with options for standard console, SNMP, and e-mail notification. Furthermore, the system can prevent unauthorized system access, data access, or application use. Identified violations or suspicious activity can be recorded, a warning to the perpetrator can be sent, and the network action can even be prevented from being fulfilled. This continuous monitoring and enforcement capability spans systems and applications while avoiding the administrative and performance issues associated with agent-based and system-level controls.

Copyright © 2008 by PacketMotion, Inc. All rights reserved.