Software keeps an eye on data leaving networks

Reconnex this week is launching its first product, a LAN appliance that tracks sensitive data as it moves around corporate networks and warns security staff when that data appears to have been compromised.

Called G2 Content Analyzer, the device hangs off monitoring ports on routers and switches searching for customer-designated data and logging any traffic containing that data. The device can filter traffic based on parameters including protocol, source and destination IP address and key words customers define.

Watching out

Software on the device reports where monitored traffic comes from, where it is going, and when and whether it is encrypted. It can trigger alarms to warn security staff that corporate policy about data privacy might have been violated, such as when sensitive data leaves the building over WAN connections.

The G2 is designed to protect against employees who try to read or steal data and those who inadvertently put it in jeopardy, says Reconnex CEO Donald Massaro.

New government regulations require companies to track when certain data leaves their networks, says Paul Hooper, CIO of Extreme Networks, which is beta-testing the G2 analyzer for internal use. Firewalls and anti-virus software address external threats, but "you need to protect outbound as well as inbound," he says.

Other vendors making similar gear include fellow start-ups Vericept and Oakley Technologies, says Eric Ogren, an analyst with The Yankee Group. The Reconnex gear can be installed with little disruption, he says. "They do this passively, without having to reconfigure network equipment or adding to desktop software," he says.

Sounding alarms

Because G2 analyzer is not in the data stream it cannot block traffic. "But they can send alarms and get all the powers that be scurrying about," Ogren says. Alliances with router and firewall vendors are planned so G2 alarms automatically can trigger other devices to shut down sessions that might be leaking private data, Massaro says.

Deciding what types of data should be watched can be daunting for a business, Massaro says, and should be delegated to individual departments to define. Departments then write policies regarding how that data is accessed, and the G2 appliance enforces them.

Reconnex consultants can configure the G2 or the user's staff can do it by filling out a form.

The analyzing device logs the traffic it filters so companies have a record for regulatory requirements or to provide legal evidence of wrongdoing. The device has 1.5T bytes of storage, and users have to wade through captured data to determine whether it represents a security breach.

The device can capture encrypted traffic, but not decrypt it. It also can detect steganography, which is the embedding of messages in images within images. The G2 analyzer can be set to note the movement of such traffic, flagging it as possibly suspicious.

Reconnex offers a 30-day evaluation service during which it sets up its G2 analyzer and reports on what it finds out about sensitive traffic. The evaluation costs $10,000 per device deployed.

A Reconnex appliance costs $40,000, but with applications customers typically want, the actual price is closer to $60,000, according to Massaro.