- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Yet another term describing products that monitor the transmission of data out of your network is "Exfiltration Detection System" (EDS). This term is predominantly used in the military, but it is the most explanatory in use today for this class of products.
EDS wares are supposed to detect violations of regulatory, legal or corporate data-transmission rules. If they work properly, people will get reprimanded at best and prosecuted at worst. Therefore, they must stand up under microscopic scrutiny to influence the jury if the situation warrants it.
Because the consequences of EDS monitoring can be grave, the technology must be carefully examined before deployment to make sure the information it provides is completely accurate. Before you buy, be sure you drill the vendors hard on how the following issues would impact the validity of a claimed policy violation. If you don't, the witness chair could well become your own hot seat.
1.) What is the scope of detection?
Find out what kinds of data the EDS detects. Ask for documentation on the types of protocols, data formats and data format combinations the EDS supports. You need to have this as separate documentation, not just an online help screen, so you can show an auditor or external authority in hard copy. If you don't have this information in hand, you can't make a verifiable claim as to what sort of information is monitored over time.
2.) What is the measurable efficacy?
How effective is the EDS at detecting violations? Is the level of efficacy consistent with your requirements? If the product claims to detect U.S. vehicle driver's license numbers, does it cover all 50 states? If it claims to detect Social Security numbers, does it report a false positive when 000-00-0000 is transmitted? Make sure you have a clear description of what it will detect, and make sure it can be tested during maintenance or an audit.
Be careful of tunable parameters. If an EDS can detect leakage of credit card numbers, make sure you know when it will report the leakage. If it waits for 200 or more credit cards to leak and you thought it would report every individual violation, you are not really protecting the information as you claimed.
Check the efficacy before you look at performance or blocking capabilities, because if a product can't detect things, it doesn't matter how well it is at blocking. And if it can't detect properly at low speeds, then there is no point in attempting to deploy it in a high performance environment.
Partner Content
NetScout is one of the world's premier providers of integrated network and application performance solutions.
www.netscout.com
Know First
Get Proactive — Move from Troubleshooting to Monitoring to Management with nGenius K2's Service Dashboard & Intelligent Early Warning Alarms
Watch the Video
Know Where
Get Rapid Performance Problem Isolation with nGenius Performance Manager and Diagnose Problems up to 70% Faster!
Learn More
Know Why
Get the Details to Validate and Solve your Toughest Performance Issues with nGenius InfiniStream and Sniffer Intelligence Modules
Read the Whitepaper
Comment