Risk-discovery engines mitigate threats - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!

Network World 360

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Get Real-world Advice on how to Cost Effectively Consolidate your Data Center Novell

Discover the benefits of paravirtualization in this informative webcast today. This server virtualization-themed webcast not only explores how to improve virtualized server performance, but provides real-world user examples, explains how to optimize workloads and discusses the future of server virtualization. Focus on only the themes that interest you or watch all six consecutively for a full picture of how you can lower your costs significantly through consolidation and virtualization. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

I'm an American, and my government-funded schools taught me that government censorship is bad! It's...- Ben

Join the Discussion

Risk-discovery engines mitigate threats

By Kevin Cheek , Network World , 02/27/2006
  • Social Web 
  • Email 
  • Feedback 
  • Close

Most companies are not prepared for the CEO's worst nightmare: insiders disseminating sensitive data electronically. It only takes one insider to expose a company's most vital assets, destroying its brand, reputation and shareholder value.

Network content-monitoring hardware appliances equipped with risk-discovery engines can provide visibility into the data entering and leaving a network. They can help enterprises protect, for example, customer data and intellectual property, and help organizations comply with regulations.

Risk-discovery engines passively monitor inbound and outbound traffic at wire speed, flowing over a network regardless of protocol or port. TCP flows are captured, reassembled and analyzed in real time to identify threats and send alerts.

Pre-defined and custom policies that perform pattern matching can be applied to traffic to identify information. An engine also can be configured to store traffic that violates policies, as well as traffic that does not trigger them, and can make the latter available for querying over historical datastreams.

Content-traffic profiles and business and IT stakeholder dashboards are presented through a secure browser connection to provide an incident's context. An administrator or user with role-based permission can view original content, such as a PDF, and its associated transmission metadata, such as source and destination IP and user.

One example would be Social Security numbers leaked via an outbound e-mail. A risk-discovery engine would detect the Social Security numbers in the e-mail and alert security and compliance personnel. It could then reveal, for example, that the data was being e-mailed in error reports generated by a misconfigured application server.

IT personnel could reconfigure the application server and firewall to stop outbound e-mail from unauthorized mail gateways.

As TCP flows were reconstructed, the risk-discovery engine would identify the protocol and content type. Even if the protocol was unknown, the risk-discovery engine would continue to scan until it identified the content object. For example, "port-agnostic" support means no content transmission would be missed if SMTP e-mail was sent over ports other than Port 25, from which it is usually sent.

1 | 2 |  Next >
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code