While insider threats aren’t as prevalent as attacks from outside a network, insiders' malicious activity tends to have far greater consequences. Insiders know precisely where to go to access the most sensitive information, and they often have ready means to carry out malicious actions. One way to detect and protect against such threats is to log, monitor and audit employee online actions. Today we'll look at three products that are well suited to detecting insider threats. (Compare Data Leak Protection products)

In April 2008, PacketMotion released its new PacketSentry 3.0 product. PacketSentry provides a thorough level of detail about what each user is doing on the network, and it presents that information in language business people can understand. Because the data is real-time, it’s possible to identify improper actions and respond immediately.

PacketSentry connects directly to Active Directory so that network activity can be traced to specific users instead of to IP addresses. A probe captures network traffic and merges it with the Active Directory information, creating "user-action records." Rules can be applied to the user-action records to define which activities are out of bounds in a business context. When a rule is being violated, an alert prompts an appropriate response.

For example, suppose a bank teller has full privileges to view customer account balances as part of her job. It would be unusual, however, for the teller to view the balances of hundreds of accounts in one day. This type of activity might indicate she is looking for a target account from which to siphon funds. An administrator can establish a rule to create an alert or other action if the teller views too many accounts in a period of time. PacketMotion calls this "actionable intelligence."

The PacketMotion product comprises two appliance components: the PacketSentry Manager and the PacketSentry Probe. A third component, the PacketSentry Branch Probe, is available for remote-site coverage. The probe component gathers user-activity records, and detects and can enforce policy. The manager component administers policy and collects the user activity data, and generates alerts for analysis. All user activity is captured, analyzed and controlled in real-time.

Whitepapers

• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper
• Driving Business Success Through Workgroup Choice and Flexibility
• Toward More Flexible, Next-Generation Collaboration Solutions
• Collaboration Tools and Organizational Success Whitepaper
• The ROI and TCO Benefits of Data Deduplication for Data Protection in the Enterprise

View more SECURITY whitepapers

Webcasts

• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions
• Transforming the Enterprise WAN Edge: Video from Cisco

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports