Sandstorm Enterprises® : NetIntercept® Case Studies

NetIntercept Solves a Half Million Dollar Credit Card Scam


June 1, 2009



Overview

This major hospital located in Boston, Massachusetts serves more than 250,000 people annually with surgical and clinical expertise second to none.

Challenge

The Cyber Security department was notified that illegal credit card charges of over $500,000 had appeared on stolen social security numbers from numerous locations throughout the hospital. The wireless network, while internally developed, must serve numerous locations and departments. Tracking the various locations and departments through the two ISP sensors proved to be an immense task.

Due to the numerous access points, it is extremely difficult to detect and block malicious traffic. Because of these flaws in the network, cyber thieves gained access to much of the sensitive data within the hospital systems. These systems hold not just billing information, but also patient and physician data records.

Ideally, the cyber security department would like to catch, analyze and track malicious traffic in real time, but realistically this is almost impossible to do. Most cyber crime is discovered "after the fact" by data mining complete packets of data. The only cost-effective way to accomplish this is to use a packet analysis system.

Solution

The cyber security analyst assigned to solve the crime had a background in numerous data mining packages, including Sandstorm's NetIntercept monitoring and forensics system. By using a laptop computer running FreeBSD and Sandstorm's proprietary software, the analyst quickly parsed historical data and was able to track the data to the specific IP addresses. Once this was accomplished, the federal authorities were notified and apprehended the perpetrators.

Sandstorm's package allowed the analyst to accomplish this in half the time it would normally have taken him, by using the following NetIntercept functions.

NetIntercept session reconstruction, using patented heuristic traffic analysis to detect spoofing and non-standard port usage, un-wraps compressed files, reconstructs files sent over the network, and searches for keywords and phrases.

NetIntercept presented the analyst with a Result Set of session data, powerful search tools for investigation and analysis, graphs and reports, and access to all the reconstructed files including raw packet-by-packet data analysis.

NetIntercept allowed the user to store entries related to a single incident, or establish an ongoing incident log, in the Investigator's Notebook. Entries can be automatically linked to connections, images, bookmarks, and full Result Sets.

The Power of NetIntercept's Network Analysis allows the user to:

  • Dramatically Increase Network Security - Promote understanding of the content travelling over your corporate network. Inappropriate network content and user misbehavior become hard to miss; setting and enforcing policy becomes easy.
  • Proactively Mitigate Liability - Expose legal and regulatory infractions committed via the corporate network. Armed with the facts from NetIntercept, you can readily address infractions and prevent recurrence.
  • Maintain Service Levels - Detect network problems before they disrupt the company's day-to-day work. Routine deep-traffic analysis with NetIntercept ensures finding potential points of failure early.
  • Accelerate Development Cycles - Efficiently debug networked applications under development. NetIntercept's easy access to session- and packet-level analysis quickly remedies misbehaving network applications and protocols.
  • Manage Network Forensic Evidence - The Investigator's Notebook helps you to document and store entries for a single incident or establish an on-going incident log.


NetIntercept silently captures and archives network traffic, giving you all the data needed to analyze problems on a moment's notice.

NetIntercept lets you look back in time, keeping hours, days or weeks of captured traffic immediately available. NetIntercept's deep heuristic stream recognition, analysis and data mining capabilities let you identify and study important connections efficiently, focusing on fixing the problems, not just finding them.

Download the demo and discover: The Truth is on the Wire.


Download the NetIntercept Datasheet (90KB)

Sandstorm Enterprises develops tools with sharp edges® for information security professionals.
Site materials © 1998 - 2010 Sandstorm Enterprises, Inc. The Sandstorm logo®, LANWatch®, NetIntercept®, PhoneSweep®, Sandtrap®, TCP.demux™, Single Call Detect™, Tools with sharp edges®, Rapid Event Analysis™, and Sandstorm Enterprises® are all trademarks or registered trademarks of Sandstorm Enterprises, Inc.