- The 10 dumbest mistakes network managers make
- Six Windows 7 features admins will actually care about
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- More porn sneaks onto the iPhone
Most companies are not prepared for the CEO's worst nightmare: insiders disseminating sensitive data electronically. It only takes one insider to expose a company's most vital assets, destroying its brand, reputation and shareholder value.
Network content-monitoring hardware appliances equipped with risk-discovery engines can provide visibility into the data entering and leaving a network. They can help enterprises protect, for example, customer data and intellectual property, and help organizations comply with regulations.
Risk-discovery engines passively monitor inbound and outbound traffic at wire speed, flowing over a network regardless of protocol or port. TCP flows are captured, reassembled and analyzed in real time to identify threats and send alerts.
Pre-defined and custom policies that perform pattern matching can be applied to traffic to identify information. An engine also can be configured to store traffic that violates policies, as well as traffic that does not trigger them, and can make the latter available for querying over historical datastreams.
Content-traffic profiles and business and IT stakeholder dashboards are presented through a secure browser connection to provide an incident's context. An administrator or user with role-based permission can view original content, such as a PDF, and its associated transmission metadata, such as source and destination IP and user.
One example would be Social Security numbers leaked via an outbound e-mail. A risk-discovery engine would detect the Social Security numbers in the e-mail and alert security and compliance personnel. It could then reveal, for example, that the data was being e-mailed in error reports generated by a misconfigured application server.
IT personnel could reconfigure the application server and firewall to stop outbound e-mail from unauthorized mail gateways.
As TCP flows were reconstructed, the risk-discovery engine would identify the protocol and content type. Even if the protocol was unknown, the risk-discovery engine would continue to scan until it identified the content object. For example, "port-agnostic" support means no content transmission would be missed if SMTP e-mail was sent over ports other than Port 25, from which it is usually sent.
Comment