November 2006

Store More with GigaStor

The “StorMore” promotion allows you to nearly double the hard drive capacity of any new GigaStor ordered between October 3rd and December 15th. With StorMore, for the price you pay for a 2 TB GigaStor, you’ll receive 4 TB of storage. For the price you’d pay for a 4 TB GigaStor, you will receive 8 TB of storage. For the price of an 8 TB GigaStor, you will receive 12 TB of storage.

Learn More about StorMore.

In Practice: Compliance and Corporate Governance Enforcement

Summary
The role of network administrators has changed greatly, expanding from one of simple network troubleshooting to include ensuring corporate compliance with government regulations as well as network use policies from HR. GigaStor, as a network forensic solution, plays an important role in ensuring compliance by validating the effectiveness of your existing network security infrastructure and providing documentation of any policy violation.



Network administrators face a dynamic and daunting challenge in monitoring and ensuring compliance with government and industry regulations as well as network use policies from HR. While there isn’t a single answer or solution for guaranteeing compliance, network forensic solutions, such as GigaStor, can play a critical role in enforcement by capturing all packet level data and:

  • providing proof of malicious activities or policy violations that have transpired
  • documenting any potential infraction for investigation or audit purposes  

With federal regulations, such as the Sarbanes-Oxley Act (SOX) and HIPAA, network administrators play an important and active role in helping ensure corporate compliance. Such regulations require that private information, including financial records or client data, be secured from unauthorized access. SOX, for example, in Section 302 requires documentation of information flowing to and from devices that store company information. The GigaStor can be used to track all communication to and from any device or segment of interest. In the case of HIPAA, an organization can inspect protected health information (PHI) to verify that it is properly secured as it traverses the network. For example, the GigaStor could verify that a specific email transaction containing PHI was properly encrypted as mandated by a healthcare organization’s policy. In addition, the GigaStor can also be used to provide evidence of a known infraction, and to later serve as documentation on how the issue had been corrected in an audit. From a constant data capture, a GigaStor records all transactions occurring on the network, and through stream reconstruction can provide proof of data transfer or network connection that occurred.

Beyond ensuring compliance with regulations, network forensic tools can be used in the investigation of an acceptable use policy (AUP) violation. In a recent example, an employee at a financial organization was being reviewed for termination by the human resources department. The employee was accused of browsing inappropriate web sites on company equipment. The IT department was required not only to provide domain names, but proof as to what specific content the employee viewed.

Traditional methods of tracking user Internet activity, such as a URL filter, can only provide domain names or the URL, but cannot show the exact content being displayed at the time the user viewed the site. If the web sites suddenly cease to exist or change their content, providing adequate documentation would have been impossible for the company. Rather than relying upon their URL filter, the organization used GigaStor to record network traffic, in its entirety, and reconstruct the original data streams to document the offending web content.

As a part of an overall strategy for ensuring compliance and enforcing network use policy, GigaStor validates the effectiveness of your existing network security infrastructure and provides the proof necessary for enforcement of corporate policy.



Tech Tip: Reconstructing the Data Stream

For investigating network policy violations or compliance issues, you can use Observer’s ability to reconstruct TCP streams. This feature lets you recreate and view web pages visited, emails received, and even VoIP call audio captured TCP traffic.

Before reconstructing these communications, you must first capture the data stream. With the GigaStor, simply use the GigaStor control panel to select a time period to investigate. For any other probe, just start a standard packet capture and then save it to disk.

From the decode window, click the Expert tab and then the TCP Events button. To reconstruct a web page, right-click on any TCP communication pair and select Stream Reconstruction.  

In Practice


The Stream Reconstruction contains a summary of the web-traffic activity, email, instant message, or VoIP conversation, and a link to the actual content that was downloaded. Clicking the link will reconstruct the web page for any HTTP connection, including images.  Note that when reconstructing web pages, some portions of the page may have been cached before the capture session, and so will not be available in the TCP stream reconstruction.

 

 

 

In Practice

In Practice



   
 

 

reviews
VIAVI Solutions Introduces 10GbE
VIAVI Solutions unveiled its latest list of appliances, designed to get ahead of the 10 Gigabit Ethernet market and help customers monitor those links with the speed and scale needed.

Read article >>

reviews
SOX and IT
How Observer® can help IT Professionals comply with the data practices components of Sarbanes-Oxley.

Read white paper >>

reviews

Orange County, CA. Dec. 4-5

Brasted, Kent, UK Nov. 21-22

reviews

Herlev, Denmark, Nov. 21