What's your anomaly?
Network traffic anomalies are not good. They often indicate security breaches, viruses, worms or other problems. Luckily for network administrators, a class of products called network anomaly detection systems is designed to find and analyze such problems so they can be quickly fixed.
One such product is Lancope's StealthWatch 5.0. The suite includes StealthWatch NC for native flow capture -- which observes communications flows into and out of internal networks -- StealthWatch Xe for network infrastructure and the StealthWatch Management Console.
Systems such as StealthWatch provide a wealth of information about a network's behavior with regard to protocols, ports, services, throughput and latency. Administrators can look at those statistics to better understand network activity.
Yes, Big Brother is watching. The signature-free StealthWatch System continuously monitors networks without requiring individually managed agents. It develops network intelligence by collecting and prioritizing traffic flow, and it pinpoints attacks against software vulnerabilities not yet known by vendors -- called zero-day attacks -- internal misuse and unnecessary exposures.
New features in the latest release include Custom Response for extending mitigation efforts enterprisewide, Worm Tracker for quickly resolving security incidents and the Application Verification Index to monitor the activity associated with applications such as instant messaging and peer-to-peer exchanges across open channels. In addition, Flow Explorer analyzes the network's security posture and health, and visualization and reporting tools provide instant snapshots of the network.
StealthWatch captures and summarizes transaction records for all network communications. With that information for forensic analysis, administrators can investigate and quickly fix problems.
Another brick in the wall
Gone are the days when a thief needed a bag to carry out stolen data. With the advent of CDs and especially USB memory sticks, unscrupulous employees can walk out with megabytes of sensitive data tucked into their shirt pockets.
That's where DeviceWall from Centennial Software comes in. This security package lets administrators block portable devices such as smartphones, CD burners and USB sticks from connecting to the network. Version 3.0 includes the ability to lock down wireless connections, including Bluetooth, Wi-Fi and infrared. It also offers enhanced permission control and increased granularity for managing connections.
DeviceWall centrally manages and automatically enforces acceptable-use policies. In addition, administrators can control access by user and device classes so that authorized users can work without having to dodge roadblocks. Administrators can grant read-only access to certain devices so users could, for example, view the files on a USB stick without being able to save anything to it. In addition, access to one type of device could be blocked while another type could be allowed to connect through the same port.
DeviceWall supports Microsoft Windows NT 4.0, 2000 and 2003 server/client, and Active Directory user groups for easy management. It also permits temporary off-line access. Automatic policy updates and version management make life easier for administrators who want to keep the system current.
DeviceWall 3.0's price is based on a per-seat model and starts at $10 per seat. Existing users can upgrade for free.