Challenge

The threat of information theft in today’s porous network infrastructures mandate the use of security surveillance and forensic methods to monitor relevant network traffic and assure that all incidents of information leakage are identified, recorded and made available to those responsible for policy breach investigations. Furthermore, these tools must be flexible enough to adapt to an organization’s cultural and operational environment, providing detailed forensic evidence to a wide range of consumers, from information security specialists to compliance auditors and legal professionals.

Solution

NIKSUN’s NetDetectorLive provides real-time surveillance over enterprise networks, monitoring content within applications to ensure policy compliance, be they internal or regulatory (PCI, SOX, HIPAA, etc.) policies. It also provides visibility and control over how sensitive information is being accessed, received and delivered on the network. Such actionable and accurate analysis into the actual content of applications provides great degrees of insight into how services and applications are being used, if any activity is non-compliant with internal or regulatory policies and whether the organization is adhering to best practices models such as ITIL, Six Sigma, etc.

How it Works

NetDetectorLive constantly records and matches the content of all or a filtered subset of applications running on the network with internal and regulatory policy definitions. Users may then search the NIKSUN Network Knowledge Warehouse to understand how sensitive information is moving from one place to another, who

NetDetectorLive™Real-time Application Content Monitoring for Policy Compliance

Features & BenefitsReal-time inbound and ~~

outbound application monitoring with granular content search

Be alerted to internal and ~~

regulatory policy breaches as they occur

Reconstruct application ~~

sessions and policy violations for audits and evidence

Support for lawful intercept ~~

and CALEA

Capture and store all ~~

communication sessions to search current and historic user activity

Replace manual investigation ~~

processes with proactive discovery, classification and analysis of diverse applications and protocols

Full-packet capture and ~~

analysis on a variety of interfaces

Mask sensitive data (such as ~~

CCNs and SSNs) to ensure strict policy compliance

Role based access control~~

Plug & Play device with web-~~

based user interface

Protect intellectual property from information leaks,

theft, unauthorized access, insider threats and abuse

Internal and regulatory compliance verification (PCI, SOX, HIPAA, GLBA, EU Data Protection Directive, etc.)

Lawful intercept for CALEA warrants; reproduce non-

tampered network events as evidence in a court of law

Clear understanding of the when, what, what else, how of non-compliant network

events

Alignment of performance and security tools to best practices (ITIL, Six Sigma,

CQI, CMI, FCAPS, etc.)

Know the UnknownD

ATA

SHEE

T

Summary of Sessions not in Compliance

About NIKSUN: NIKSUN is the premier provider of patented multi-timescale network and security monitoring and real-time analysis solutions that identify, alert, analyze and report on incidents that impact performance, security, compliance applications and services. NIKSUN’s Enterprise Solution is the only technology available today that offers large organizations the ability to consolidate views into globally distributed high-speed converged networks according to user responsibilities. NIKSUN empowers organizations to make fast, accurate decisions that assure network performance, security and compliance goals are met and data integrity is protected.

1100 Cornwall Road Monmouth Junction

NJ 08852t: +1.732.821.5000

toll free: +1.888.504.3336 f: +1.732.821.6000

e: info@niksun.comwww.niksun.com

moves it and what specifically is being transferred. Signatures, rules and search criteria are prioritized for effective and relevant detection of policy violations.

On detection of a violation, NetDetectorLive generates immediate alarms that identify anomalous events and link them to application sessions down to packet level information so forensic investigations rapidly conducted.

NetDetectorLive provides a clear path to understand the reason behind a policy breach, the context within which it occurred and can reconstruct it to analyze how, why and with what intent it occurred. Because all network packets are indexed, time-stamped and stored in the NIKSUN Network Knowledge Warehouse, it becomes very easy to identify the cause of the breach, which user(s) were involved, what information was leaked, whether it left the network, to whom it was sent and whether the event was innocent or not.

Application Reconstruction: Preserving the Truth

Besides searching network application content for sensitive information, on the occurrence of an anomalous incident a security administrator has the option to reconstruct the application session within which the anomaly transpired. NetDetectorLive can regenerate exact web, chat, email, FTP and other TCP/IP sessions, within the policy of local environments.

When the consequence of an incident is likely to be deliberated within a court of law, or before an authoritative body (for example: a human resources audit), the information within the NIKSUN Network Knowledge Warehouse can be presented not only as meta-data but also as an exact replication of the incident itself. Incompliant email, chat, web and other TCP/IP sessions can be reconstructed exactly as they occurred, allowing security administrators to see precisely what the violator had on their screens, as proof of a policy violation. NetDetectorLive’s ability to record incidents and present them as irrefutable evidence of the truth has proved to be of great value to customers, providing a basis for lawful action, non-repudiation and protecting the image of businesses in the face of society and vested stakeholders.

Technical Information

Network Interfaces supported (Full Duplex, Half Duplex): 10/100/1000 Mbps (copper/fiber), T1/E1, V.35, X.21, T3/E3, HSSI, OC3

Protocols Supported: TCP/IP, UDP/IP, IPv6, IPv4, Ethernet, MPLS, Frame Relay, PPP, Bay PPP, CISCO HDLC, PoS, ATM, MLPP, WCP, STAC, VLAN (ISL & IEEE 802.1q), IEEE 802.3 (Ethernet), IP fragments

Form Factors: A variety of 1U and 2U form factors are available. Internal storage starts at 500 GB and scales to 4.5 TB. Unlimited external storage available.

Integration: TACACS+, RADIUS, LDAP and Active Directory

Reconstruction of Chat Session with Credit Card Leak

NIKSUN, the NIKSUN logo, NetDetector, NetVCR, NetVoice are either registered trademarks or trademarks of NIKSUN, Inc. in the United States and/or other countries. Other product & company names mentioned herein may be trademarks of their respective owners. NIKSUN, Inc. shall not be liable for damages of any kind for use of this information, which is subject to change without notice and may include typographical errors and inconsistencies. Copyright© 2008 NIKSUN, Inc. All rights reserved. NK-DS-NDL09.1