Solutions - Why PacketMotion?

The Insider Visibility Challenge

In a recent survey, over 90% of IT organizations said they lacked sufficient visibility of internal network activity. While there has been ample attention paid to protecting the perimeter, simple questions such as “Who accessed this file?” or “What are the VPN users doing?” go unanswered. This lack of visibility leads to a number of challenges:

Regulatory Compliance: Time consuming, expensive dedicated procedures must be implemented for compliance, eating up limited IT budget.
Data Protection: Critical or sensitive data unprotected and access unaudited
Security Investigations: Lack of solid forensic data to investigate suspected incidents. No risk management of insider threats — an increased problem in difficult economic times.
Data Identification and Classification: No awareness of new data repositories or applications in a dynamic environment

Given how critical IT infrastructure is to almost every business, it’s worth considering why this lack of awareness is so prevalent. The key reasons boil down to cost, complexity, and risk:

Cost: Implementing strong internal visibility solutions are too expensive, given the performance requirements and number of different applications in a typical network.
Complexity: Today’s IT infrastructures are complex at multiple levels: network, operating system, and applications. The complexity is not just technical; there are also organizational challenges in getting the multiple organizations responsible for infrastructure to cooperate to deploy and operate a solution.
Risk: Adding internal security involves installing and maintaining hardware and software that might affect the performance or availability of critical applications.

The PacketMotion Approach

PacketMotion designed an innovative product family to address the insider visibility challenge — PacketSentry™. The solution provides IT and security organizations User Activity Management: comprehensive visibility and control of users and assets, but without the drawbacks of high cost, complexity and risk. Unlike solutions that depend on logging sources, PacketSentry can be deployed in a morning, and will be providing business relevant audit reports, policy alerting and enforcement by the close of business that same day. Monitoring and controlling high-risk users such as VPN and wireless users, IT administrators, contractors, and employees who have given notice is now a few mouse clicks away. It provides change control management for Active Directory and Windows or NFS file permissions, and can even correlate the use of shared administrator accounts with the identities of the actual IT employees that use them. And perhaps most crucially, no server or client agents or in-line appliances means no risk to application performance or up-time.

Operational Benefits

PacketSentry’s passive appliance architecture was designed for ease of use and low operational costs, perfect for organizations with limited IT staff:

Automatic synchronization with Active Directory or other identity management systems — all network activity correlated with user identity
Single solution for a wide range of applications — eliminate training and operational overhead of point products
One tool for compliance and risk management — apply best practices across the organization
Simple web interface — Can be used by Security, IT and auditors with just two hours of training
Eliminate the “data overload” problem — exception reporting focused on high risk events
Multiple languages supported — Leverage solution and staff knowledge in international deployments

In today’s cost constrained environment, insider threat management must be effective, efficient, and operationally viable. Give PacketSentry a try in your network today and see how easy it is to quickly meet internal security and compliance challenges — with no risk to your data or applications!