Solutions for Enterprise Networks
Cybercrime continues to escalate, and all large enterprises dependent on computer information systems experience numerous intrusion attempts. Having strong security in place will deter many attacks, but will not stop them all. Even those organizations giving a lot of attention to security and spending significant amounts of money on it will fall victim to the next unknown threat. It's just a matter of time. There is just no way to foresee every possible system vulnerability and defend against every possible attack. When the inevitable penetrations do occur, it's critical for enterprises to have a process in place that allows security analysts to quickly contain the attacks, rapidly mitigate damages, and do a better job of preventing the same exploits from happening again.
Challenge
Large enterprises face a multiplicity of IT security challenges. The leakage of sensitive or confidential data is one example. According to the recent BERR Information Security Survey¹, 84% of companies do not scan outgoing email for confidential data. Of the 16% that do, most have no way of analyzing or replaying the associated network traffic to see the whole picture or scope of the incident. The same is true for other forms of network-based communication such as instant messaging, FTP traffic, remote shell, etc.
Obtaining, maintaining, and proving compliance with government and industry regulations is another challenge. Sarbanes-Oxley, the Gramm-Leach-Bliley Act, PCI Data Security Standards, California Senate Bill 1386 and SEC guidelines are just a few of the numerous examples of federal and state regulations with varying compliance requirements. Add the self-imposed corporate regulations such as Internet use policies, document retention and use restrictions, and other information use guidelines, and the burden to maintain and prove compliance becomes daunting, especially for organizations that are unable to see and demonstrate what is actually happening on the network.
Investigating the inevitable data breaches is of course another major concern for large enterprises. Without the ability to replay network traffic and determine exactly what occurred, security analysts spend critical time looking at mere snippets of the crime scene surrounding a data security incident. Often they don't have the right data to determine whether an incident is threatening or not, and exploits and permanent damage can remain entirely unseen even after an investigation.
¹ BERR (Department for Business, Enterprise & Regulatory Reform), 2008 Information Breaches Survey: Technical Report.
Network Forensics - The Solution
Network Forensics Appliances from Solera Networks help address each of these challenges by capturing and replaying all of the traffic on your network. This allows security analysts to see what has been accessed, who accessed it, where the data went, and any event that occurred on the network in full fidelity.
Solera Networks products provide the foundation for discovery, audit and compliance enforcement for information-specific mandates, and our proprietary OS and file system satisfy chain-of-custody evidentiary rules regarding the manner in which data is captured and stored.
Solera Networks captures data and streams it to storage in a format that can't be altered. Proprietary on-disk formats mean that any attempt to edit, alter, or otherwise modify the data will be evident. Moreover, Solera Networks' devices can be configured to have no IP address, making them invisible to the network they reside on. Simply connect to a network SPAN port or tap and listen passively.
Problem:
A large retailer experiences a security breach and theft of credit card information over time. How do you begin to triage the attack, identify the hacker's exploits, know what data leaked out and close the breach?
Solution:
Replay the historical network traffic captured by the Solera DS appliance, looking for unauthorized access. Pinpoint the source using tools such as Wireshark, ntop or Snort, determine which data the attacking host requested, and take corrective measures.
Result:
Close the hole and stop the leakage early, avoiding the potential for ongoing theft of data. (94 million credit card numbers were stolen from TJX, starting in 2005.)
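The triage step described above (replay the captured traffic, pinpoint the source, determine what that host requested), as an added example that is not Solera's code: a minimal libpcap reader that indexes HTTP request lines by source host, run over a capture constructed in memory. It assumes the appliance's recordings can be exported in standard pcap form, which is what Wireshark and Snort consume; the packets, addresses and paths are constructed samples.

```python
import struct

def build_packet(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + TCP frame; checksums are left zero since nothing here validates them."""
    eth = b"\x00" * 12 + b"\x08\x00"  # zero MACs, ethertype IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 8192, 0, 0)  # PSH+ACK
    return eth + ip + tcp + payload
def build_pcap(packets):
    """Serialize (timestamp, frame) pairs as a little-endian libpcap file, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out
def iter_pcap(data):
    """Yield (timestamp, frame) from pcap bytes, honouring the byte order the magic number signals."""
    fmt = "<IIII" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">IIII"
    off = 24
    while off + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack(fmt, data[off:off + 16])
        yield ts, data[off + 16:off + 16 + caplen]
        off += 16 + caplen
def parse_tcp(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]          # skip Ethernet + IP header (IHL)
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]                  # TCP data offset
    return ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])), sport, dport, payload
def requests_by_source(pcap_bytes):
    """Index HTTP request lines by source host: who asked which server for what, and when."""
    index = {}
    for ts, frame in iter_pcap(pcap_bytes):
        if (parsed := parse_tcp(frame)) is None:
            continue
        src, dst, _, _, payload = parsed
        first_line = payload.split(b"\r\n", 1)[0]
        if first_line.startswith((b"GET ", b"POST ")):
            index.setdefault(src, []).append((ts, dst, first_line.decode("ascii", "replace")))
    return index

SAMPLE_PCAP = build_pcap([  # constructed traffic; addresses are RFC 1918 / documentation ranges
    (1000, build_packet("10.0.0.5", "10.0.0.20", 40001, 80, b"GET /catalog HTTP/1.1\r\nHost: shop\r\n\r\n")),
    (1010, build_packet("203.0.113.7", "10.0.0.20", 50001, 80, b"GET /admin/export.csv HTTP/1.1\r\n\r\n")),
    (1020, build_packet("203.0.113.7", "10.0.0.20", 50002, 80, b"POST /admin/login HTTP/1.1\r\n\r\n")),
    (1030, build_packet("10.0.0.20", "203.0.113.7", 80, 50001, b"HTTP/1.1 200 OK\r\n\r\n")),  # response, skipped
])
```

Calling `requests_by_source(SAMPLE_PCAP)` groups the requests by originating host with timestamps, which is the starting point for scoping which server paths an outside address touched and when.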
Problem:
A Fortune 500 company deploys an SAP system that causes system errors, and the rollout team is having a difficult time recreating the problem in the test environment; the CEO wanted SAP deployed 2 quarters ago. How do you recreate the errors in a staging environment in order to resolve them before going to production?
Solution:
Record all network activity with SAP in the staging environment. Replay the traffic through analysis tools to identify the issues. Resolve the issues, then deploy in the production environment.
Result:
Smooth deployment of major applications, with problems ironed out ahead of time.