On Monday, January 11, 2010, the field of digital forensics
experienced a huge leap forward with the acquisition of Sandstorm Enterprises
by NIKSUN, a premier provider of high-end real-time enterprise network
surveillance solutions. Here's a link to the press release for more details: http://niksun.com/news.php?id=36
What does this acquisition mean to Sandstorm customers?
All Sandstorm products and services continue to be available
via the Sandstorm phone number, web site and email addresses.
"The whole Sandstorm team is excited and is looking forward
to integrating with a visionary organization like NIKSUN," said James Van
Bokkelen, Sandstorm's President. "The combination of NIKSUN's resources and our
experience will take our products to the next level, making them #1 in their
categories and providing a long-term benefit to all of Sandstorm's customers."
What does this acquisition mean to the industry?
This synergistic
union of the brightest technical and business minds gives security
professionals an extra arsenal of protection against Cybercrime, and
strengthens the value in network monitoring and analysis tools.
"The technical excellence of Sandstorm's
software further enhances NIKSUN's strong position in the network security area,"
noted Dr. Parag Pruthi, NIKSUN's founder and CEO. "I am thrilled about the new
and talented professionals that will be added to our team and will work with
the NIKSUN team to integrate Sandstorm's technology with NIKSUN's solutions.
Once complete, we expect to introduce a whole new standard for intelligence
gathering, monitoring, data leakage prevention and forensics."
With NIKSUN, you can Know the Unknown™. Visit www.niksun.com
for more information on NIKSUN's patented technology and award-winning products.
Dear Customers and Friends of Sandstorm Enterprises,
I'd like to take this opportunity to welcome you to our new blog! We created it to communicate with you, our customers, and to share knowledge and ideas, which is really what the Internet is all about.
We've had a successful year in 2009 and are looking forward to great things for 2010. Our current version of NetIntercept (4.2) is enjoying increased sales due to its robust architecture and user satisfaction. One of our biggest customers (a phone company) is using NI to manage service levels and third-party relationships, while a major automobile manufacturer is using NI to assist in their development environments. Law enforcement and government agencies all over the world are using NI 4.2 to engage cybercrime - all with excellent results.
Sandstorm Enterprises is gearing up for an exciting year in 2010, centering around a new major release. Our engineering team is hard at work creating our upcoming release of NetIntercept, a product we've nicknamed "Smart NI" because it makes digital forensics accessible to a much wider range of users, while retaining all the power and depth of analysis you're familiar with in NI 4.2. Sophisticated analysis and navigation tools will help you work faster, with less guesswork; improved configuration and interfaces to other tools improve your organization's ROI.
We look forward to communicating with you and hearing your thoughts on this industry that we are all a part of.
Best Regards,
James Van Bokkelen, CEO and Founder, Sandstorm Enterprises, Inc.
The Healthcare Industry is experiencing explosive change due to government mandates and regulations that hospitals and healthcare facilities "clean up their act" and catch up to the corporate world through the use of technology. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires companies to adopt administrative, physical, and technical measures to protect the confidentiality, integrity, and availability of certain health information. In addition, the stimulus act signed by President Obama directs $17 billion to doctors and hospitals, beginning in 2011, that make "meaningful use" of electronic medical records. In 2015, health care providers may face financial penalties if they are still using paper charts.
The pressure is on, but many hospitals aren't ready to act. Hospitals and physician offices frequently do not have the funds or the staff to support such major changes in their workflow. The promise of the stimulus money, while an incentive, does not go far enough as it is still unclear as to how the government defines "meaningful use." This dilemma is forcing hospitals to act before knowing if the actions they are taking will meet the compliance rules and laws.
The immediate problems that hospitals face will be dealt with in due time. There are many vendors out there ready to assist hospitals with their automation, such as Picis, Inc., a Massachusetts-based company that provides software to automate the data and workflows in the OR, ER, and ICU, or Lynx, a Seattle-based company that provides software to financially optimize Emergency Departments through sophisticated billing and coding algorithms. Some of the giants (McKesson and Siemens, for example) are no doubt counting on the stimulus money going to hospitals to stimulate their own businesses, vying to be the vendor of choice for hospitals and health care facilities taking the plunge into automation.
Once hospitals and healthcare facilities are up and running on their chosen systems, however, a much larger problem looms. Although the introduction of electronic records will serve to reduce medical errors, health care facilities will also be subject, like everyone else, to hackers ready to steal sensitive medical, credit card, and personal information. Hospitals must hire extra IT security personnel to oversee and protect the data that their new IT systems house while securing their networks to fend off the onslaught of cyber attacks, to which no business is immune.
Hospitals must factor into their budget, along with the IT system or systems they purchase, the management of the networks over which their sensitive information travels. A firewall and an intrusion detection system (IDS) or intrusion prevention system (IPS) are not enough to secure a network. A network forensic appliance tool (NFAT) such as Sandstorm's NetIntercept can help hospitals to better protect themselves and their patients through sophisticated and cost-effective network monitoring, patented digital forensic capabilities, and a chain-of-custody feature that allows digital signatures in the event the data ever ends up in court. For many hospitals, a network forensic tool not only helps to protect their sensitive data, but can also protect their IT investment.
Cyber Crime is a very lucrative and sophisticated business that, in true Internet fashion, spans the globe. It doesn't matter where a particular data breach occurs; its effects can be felt throughout the world.
The US-based supermarket chain, Hannaford Bros. Co., was recently hacked, compromising up to 4.2 million credit and debit cards, as revealed in a letter from Hannaford general counsel Emily Dickinson to Massachusetts Attorney General Martha Coakley and Gov. Deval Patrick's Office of Consumer Affairs and Business Regulation.
Even while Hannaford was being hacked, the company was found to be in compliance with security standards required by the Payment Card Industry, a coalition founded by credit card companies. Hannaford spokeswoman Carol Eleazer said the company didn't know how the malware got onto its 271 stores' servers.
If companies like Hannaford that are suffering from data breaches utilized a Network Forensic Appliance Tool (NFAT) on their networks, they would have the historical data as well as the means to analyze the problem. Configuring the NFAT to monitor and store all traffic coming from the critical ports (for example, the server ports connecting to the supermarket stores that routinely transfer the credit card information) can safeguard against these types of breaches. By identifying the weak link (the offending protocol, port, connection, or server) within the network, companies can not only act quickly to mitigate the problem, but also prevent similar attacks from happening in the future. An NFAT such as NetIntercept can get to the heart of the problem quickly and efficiently because it captures all traffic (no data is thrown away) and it captures the full packets, not just the packet headers (which could actually be hiding or spoofing the malware).
Another troubling part of this story is the fact that this North American data breach was responsible for more than 1,800 cases of fraud, with unauthorized charges coming from as far away as Italy, Bulgaria, and Mexico. Credit card information was quickly and efficiently sold to recipients in several other countries. As critical as the Internet is for connecting businesses to their customers, it also serves as a platform for worldwide, organized cyber crime.
Crackers have a very lucrative business; they are increasing in numbers and are getting sophisticated. Your security solution must also be sophisticated. Having a Network Forensic Analysis Tool (NFAT) such as NetIntercept allows you to combat and diagnose problems quickly and efficiently so that you can take back control of your network. Organizations that don't own an NFAT are much more likely to find out about security breaches through their customers, the government, or the press.
Security seems to be getting all the attention these days. How can it not, with recent headlines such as the data breach the University of Florida suffered that put 333,000 patient records at risk, or the 33,000 Halifax Health patients who were notified that their personal information was at risk for identity fraud due to a system intrusion? The need to counteract and prevent such breaches with robust tools (such as NetIntercept) is a no-brainer.
But there are other uses for network monitoring and network forensics tools that have been gaining ground lately. One of those uses is for developers who want to see what their code is actually doing across the network by watching and viewing the traffic right down to the packet level. Another use for NetIntercept is in the operations area, for the folks who need to manage and monitor their sometimes humongous networks.
I talked to one developer recently who was interested in using NetIntercept to increase his productivity in writing code for a computer gaming company. He wanted to monitor the UDP and TCP messages going back and forth between the client and the server, check to make sure his code was working properly and that the response he was getting was what he expected. He told me that the biggest value he saw in NetIntercept was that you can see the actual contents of the packets, not just the headers (as is the case for most tools in the market today). Being able to view the traffic right down to the packet level gives you the actual data, including the contents of files. It also protects the data from being "spoofed" and will actually show you that it was spoofed in the first place!
One of our biggest customers is using NetIntercept to monitor their service level agreements. They are a large phone company that services many users while also employing outside services from many other sources. NetIntercept enables them to monitor all of these services that are interacting across their network and ultimately servicing their customers. It gives the operations folks peace of mind knowing they can quickly and accurately troubleshoot any problems on their network.
While NetIntercept is classified as a Network Forensics appliance, its usefulness to developers and network operations makes it just as valuable to them as it is to security teams facing threats.
For most people, the word Hacker creates visions of an ingenious but immoral computer geek at the keyboard trying to steal your credit card information, identity, or bank account information. But the term "Hacker" was not originally intended to be associated with Internet crimes; rather, it was an endearing term to denote a subculture of like-minded people who cared about open-sourcing, sharing, and really understanding the ins and outs of the systems they worked on. The Hacker subculture is said to have originated at MIT in the 1960s, but at the same time, all over the US, similar subcultures grew independently, such as at the University of California, Berkeley and Carnegie Mellon University. These groups of academics shared similar philosophies: a dislike of secrecy and standards, and a preference for the freedom to "hack to learn" and for open-sourcing.
RFC 1392, which contains the Internet Users' Glossary, defines a hacker as "A person who delights in having an intimate understanding of the internal workings of a system, computers, and computer networks in particular." The original academic Hackers of this nature tend to be focused around Unix and TCP/IP.
For a true Hacker, who loves and respects this technology, it is somewhat of an insult to be degraded in the media and through mass-hysteria in a negative light. While a true Hacker loves and respects technology and wants to use it to further the progression of the Internet and networking, the type of Hacker the media denotes is one that uses technology to "do harm" through theft (identity, monetary), viruses, and illegal network security break-ins. True Hackers call these low-lifes "Crackers" and it is the job of Network Forensic tools to crack down on those Crackers.
Crackers or Hackers, the term is a moot point for IT professionals who are tasked with protecting their company's network. While true Hackers are worthy of being hired on the merits of their ingenious know-how into the inner workings of networks, Crackers, on the other hand, are suspect based on acts of infiltration, and worthy of investigation. What better tool for investigation than NI, Sandstorm's authoritative Network Forensics tool?
There is a comfort in knowing the engineers behind NI. If you stop to consider the people behind the technology, you may feel an extra sense of security that the architects behind NetIntercept are former MIT geeks who "get it." NetIntercept, the brainchild of James Van Bokkelen, takes into account untold years of experience and networking knowledge. With a high percentage of dollars going into R&D, the world gets a superior product - a comforting thought when you're in the hot seat because a Cracker got the better of you.