Sandstorm Enterprises® : NetIntercept® Case Studies

Deploy NetIntercept at Work


Significantly Increase the Productivity of Your Staff

In almost all organizations today, networks are a vital information channel. Critical accounting and sales fulfillment tasks often rely on file sharing over an intranet. External interactions like purchasing and sales depend on electronic mail and the World Wide Web. But the speed and flexibility of networking technology make it very hard to keep track of how it's being used -- or misused.

For example, consider how your organization would handle problems like these:

External Attack

Intrusion detection systems only record "significant events." Should an attacker or a virus slip past an IDS's defenses, there won't be any record of how or when. You won't know the scope of the problem until your system administrators have reviewed log files on all vulnerable machines, and in the meantime you might have to disable part or all of your intranet to prevent damage from spreading.

Cleaning up after a virus infection or a break-in could require hundreds of hours of work; the indirect costs of information theft or a network shutdown could increase that into the thousands. Network traffic logs can save time and effort in two ways: first, by informing efforts to contain the problem soon after it is detected, and second, by showing the cleanup crew whether a system they examine needs further attention. But few organizations do enough routine logging and analysis to really help in these situations -- the old tools were simply not adequate for the tasks.

With Investigator's Notebook, you can build case files that record both entries and notes by user ID and are kept on file as a complete time-stamped audit trail.

System Malfunction

Network applications are often complex, requiring multiple exchanges between different systems to do what looks like a simple job. Finding a quirk in your electronic storefront that occasionally generates an incorrect shipment or inventory update typically involves auditors to detect it, testers to reproduce it, and application developers and systems administrators to implement the fix. If the problem can't be solved with the information in your routine log files, either your network operations staff or an outside consultant will have to collect and analyze network traffic to find the point of failure. If unsophisticated tools are used because they're already on hand, or available as freeware, checking thousands of connections can take hundreds or even thousands of hours of tedious and painstaking work.

Staff Misbehavior

It's a rare organization that doesn't have a few bad actors, and the growth of networking gives them more room to misbehave. Log files won't tell you who has learned how to disguise their identity when sending an inappropriate e-mail, or that the attachment a malcontent sent may have been titled "Baby Pictures" but actually showed a product prototype. It doesn't take much effort to sneak traffic from a private web server, file sharing system, or chat server on your corporate net past a firewall.

Complete logging of all network traffic is a critical first step towards nipping bad behavior in the bud. But logging isn't very useful without analysis. Various tools have been available, but they require esoteric knowledge to use, and even in the hands of an expert, the process has been very slow. Comprehensive examination of an individual's activities might take a day to set up, and then several more hours a day for analysis until enough information has been collected. As a result, most organizations only log traffic when actively investigating. So by the time the investigation even starts, the damage has usually been done.

How NetIntercept Increases Efficiency


Traffic Archiving

NetIntercept logs all your network traffic, all the time. The number of days accessible online depends on the volume of traffic to be logged and the amount of storage you purchase for NI. This reduces costs because:
  • IT security personnel and system administrators can analyze the actual record of an attack, rather than try to re-create the attacker's actions from the mess that was left behind.
  • Software developers and maintainers don't need to wait for a system problem to recur before it can be analyzed and fixed.
  • If information is leaked, or inappropriate content transmitted, your auditors and IT security staff have a record of how, when and where it originated, and where it went.

Sophisticated Search Capabilities

An analyst using NetIntercept can efficiently search for traffic generated by a particular user, to or from a particular system, or involving a particular file. This improves effectiveness by:
  • "Finding the needle in the haystack" - IT staff can find one problem session easily, even against a background of 100,000 normal sessions.
  • Letting security personnel or auditors investigate individual misbehavior without invading the privacy of the rest of your staff, customers or business partners.

High-level Presentation and Analysis

NetIntercept selects only the network traffic your employees are interested in, and displays it in an easy-to-use graphical form. This conserves resources because:
  • Staff assigned to use NetIntercept needn't be as highly trained or specialized as they would have to be to use less-sophisticated tools. This may allow your company to keep auditing and analysis in-house, reducing or eliminating the need for expensive consultants.
  • Efficient analysis lets your staff monitor your network more closely, and investigate and solve problems you used to have to put up with for lack of resources.

Everyone who has been responsible for a business network knows they need to be prepared for an unpleasant surprise now and again. Using Sandstorm's NetIntercept for logging and analysis will help your staff solve more problems, faster and more effectively, with less need to engage outside consultants and troubleshooting teams at high hourly rates.


Download the demo
and discover: The Truth is on the Wire.


Download the NetIntercept Datasheet (90KB)

Sandstorm Enterprises develops
tools with sharp edges®
for information security professionals.
Site materials © 1998 - 2010 Sandstorm Enterprises, Inc. The Sandstorm logo®, LANWatch®, NetIntercept®, PhoneSweep®, Sandtrap®, TCP.demux™, Single Call Detect™, Tools with sharp edges®, Rapid Event Analysis™, and Sandstorm Enterprises® are all trademarks or registered trademarks of Sandstorm Enterprises, Inc.