Solutions | Challenge

Insiders are an often neglected threat agent in security management. According to Computer Security Institute’s annual survey, 59 percent of respondents cited insider threats as the most pressing security issue, supplanting outside threats as the leading security concern. While management believes that the faceless and malicious hacker is the adversary and manages their security to reflect this single point of risk, there is evidence to the contrary that breaches, unauthorized data access and operational damage is more likely to occur from internal perpetrators.

Unfortunately, the insider, such as privileged users, contractors and partners, already has access and knows the value of the assets, how to elude discovery and has carefully planned the harm (based on their systems’ knowledge). Without tight, automated controls to manage the insiders access to critical systems and sensitive information, companies run the risk of service disruption, fraud and policy violations, data leakage, inappropriate system access and application use and business loss.

The majority of companies do not have the capacity to monitor access and acceptable use policies across diverse systems and applications. This problem undermines the integrity of countermeasures deployed, strains IT and security resources and exacerbates the risk of inside threat. Can your IT security organization easily determine…

What is the best mechanism to control user access to resources on the network?
How best to monitor what users are doing once they’re on the network?
If consultants and temporary employees accessing inappropriate information?
How to keep sensitive information from leaving the company?
How can companies protect their most valuable information from leakage?
How to expedite audits, investigations or proof of regulatory compliance?

PacketMotion Approach

PacketMotion listened carefully to its clients’ pressing internal security challenges and designed a robust product family — PacketSentry™ — the allows network security to be managed from a business and identity perspective, rather than by packets and ports. The result provides IT and security organizations comprehensive visibility and control on users and assets.

[+] Enlarge

PacketMotion delivers real-time control of insider threats by capturing user transactions at an unprecedented level of granularity and applying your policies to that data - at wire-speed, enterprise-wide. The PacketMotion solution:

Provides granular, deep packet analysis captures, decodes and correlates user activity and enforces information asset access policies in real-time at LAN-speed
Offers real-time visibility and control that is cross-platform and unobtrusive - without employing agents, receiving flows, or aggregating logs
Presents full transaction details of employee, contractor and unknown user access to critical data center assets – beyond flow trends and instances of IP addresses, ports and session data
Binds user identity to business-level transactions across servers and applications down to the specific database table, email, messages, directories and files the corporate network
Integrates with Active Directory imports, monitors and automatically applies directory object changes to respective PacketSentry monitoring details, rules, alerts, reports and dashboards
Delivers robust reporting and rules engine with built-in templates to reduce the time and costs of monitoring, compliance and control validation, policy management, security investigations, and operational audits
Strengthens acceptable use policy (AUP) through a browser interface that provides centralized, cross-organizational control as to what information assets a user can access once they are on the network
Delivers meaningful, actionable rule-based analytics via alerts, reports and dashboards