PacketMotion upgrades file security appliance

Using PacketMotion's appliances is like hiring the FBI to open a file on your network's users, applications and data to see who is accessing what and when.

PacketMotion's PacketSentry Probe and its PacketSentry Manager appliances collect data on users access of files and documents from the network's file servers and network-attached storage (NAS) devices, in order to highlight security breaches that are taking place.

"Figuring out what is going on in the internal network is just too difficult," says Scott Ruple, vice president of marketing at PacketMotion. "The problem is if you don't know who is on your network, what applications they are using and the data they are accessing, you don't have internal security."

Collecting this information in the past meant manually scanning application and identity management logs to find breaches in network security and inappropriate access to information.

The PacketSentry Probes connect to the span ports of a router or switch as a proxy engine, where they receive, filter and analyze network traffic for information on who is accessing data or applications on that segment. The Probe communicates the data it collects with the PacketSentry Manager appliance, which connects to the Gigabit Ethernet network.

The PacketSentry Manager links the network traffic it receives from the PacketSentry Probes to Microsoft's Active Directory identity management system and identifies the applications the individuals are using by looking at the protocols information being transferred across the wire. This information can tell the administrator what file a user opened, copied or wrote, whether they had legal access to it and who they sent it to. The Manager maintains this information in a database of network activity that can be queried via SQL.

"The business-savvy IT manager needs to be able to comprehensively slice and dice information into recognizable components to help the business units run better," says Michael Dortch, senior analyst for the Robert Francis Group. "PacketMotion is translating the universe of events of information into something a business can actually use," says Dortch.

Right now the product analyzes Microsoft's Common Internet File System and Service Message Block (SMB) protocols, , as well as instant messaging and Outlook Web Access protocols. The company claims it will support the Unix/Linux Network File System in the future.

PacketMotion competes with log aggregation vendors such as LogLogic, ArcSight, Mazu and Arbor Networks, who pull in logs from different network devices in order to analyze event information. PacketMotion's activities focus primarily on file data.

The new version of PacketMotion - Version 2.1, which is being announced today - includes the ability export data gathered from its appliances to Microsoft Excel, where it can be added as objects to PowerPoint presentations or other applications.

The company, which was founded in February 2004 is funded for $17 million and has 48 employees.

Each probe costs $50,000; the PacketSentry Manager costs $25,000.