LoveMyTool - Network Monitoring, CALEA, Lawful Intercept, Application Performance, Web User Experience, Web Analytics, Content & Database Security, IDS, Malware, Crimeware, SOX, HIPAA and PCI Compliance Auditing, Forensics, DPI, VoIP, IPTV ...

“[Lancope’s] StealthWatch performed so well during our evaluation that we did not pursue trials with any other NBA products”

-- Michelle Stewart, Manager of Data Security, AirTran Airways

Customer Profile: AirTran Airways, a Fortune 1000 company, offers passengers more than 700 affordable, daily flights to 56 destinations throughout the United States. The airline is the second-largest carrier at its hub, Hartsfield-Jackson Atlanta International Airport, and one of America's largest low-fare airlines. With more than 8,900 friendly Crew Members and free online booking, AirTran Airways makes travel both pleasant and convenient. The airline flies America's youngest all-Boeing fleet, composed of the fuel-efficient Boeing 737-700 and 717-200 aircraft. AirTran Airways was also the first to install XM Satellite Radio on a commercial aircraft and the only airline with Business Class seating on every flight.

Vendor Profile - Lancope®, Inc. is the provider of the StealthWatch™ System, the most widely used network behavior analysis (NBA) and response solution that unifies behavior-based anomaly detection and network optimization capabilities to protect critical information assets and ensure network performance by preventing costly downtime, repair and loss of reputation. StealthWatch streamlines security and network operations into one process, reduces time and resources, and eliminates the costs and complexity associated with non-integrated point products. Both OPSEC and Common Criteria-certified, StealthWatch received the 2007 Global Excellence Award in NBA and was named Best of Show at Interop 2006. Defending the networks of Global 2000 organizations, academic institutions and government entities, StealthWatch protects hundreds of enterprise customers worldwide, more than all direct competitors combined. Lancope is a privately held, venture-backed company headquartered in Atlanta, Georgia.

AirTran Airways Uses Lancope’s StealthWatch Network Behavior Analysis System with NetFlow to Help Demonstrate Payment Card Industry (PCI) Compliance

Editor’s Note: As everyone knows compliance is a necessity in today’s uncertain world of data communications. Along with compliance one must be deeply security conscious to protect their company and customers information, as one serious breach could bankrupt a company financially as well as ruin the companies’ reputation. Lancope, Inc. of Atlanta, Georgia is ready with their NetFlow-based StealthWatch solution. The Lancope solution not only can verify compliance but through the use of NetFlow is also a cost effective network monitoring and management tool.

PCI (Payment Card Industry) is not the only compliance we have to consider, there are as many as 14 domestic versions of compliance not including the State, International and Country specific compliance acts. We have individual industry compliance acts also.

So today’s Network Manager must be an expert in Network, Server, Infrastructure, Security, Compliance, Telecommunications, Application, etc. This is not practical and this is where specialized companies – like Lancope – are desperately needed to provide solutions that are deployable, affordable, flexible and technologically sound to help solve today’s complex issues and expandable to help with the next generation of issues.

When you read the case study below, you will see how Lancope’s StealthWatch solution has been proven through successfully helping AirTran Airways.

--OldCommGuy

Vendor Profile - Lancope®, Inc. is the provider of the StealthWatch™ System, the most widely used network behavior analysis (NBA) and response solution that unifies behavior-based anomaly detection and network optimization capabilities to protect critical information assets and ensure network performance by preventing costly downtime, repair and loss of reputation. StealthWatch streamlines security and network operations into one process, reduces time and resources, and eliminates the costs and complexity associated with non-integrated point products. Both OPSEC and Common Criteria-certified, StealthWatch received the 2007 Global Excellence Award in NBA and was named Best of Show at Interop 2006. Defending the networks of Global 2000 organizations, academic institutions and government entities, StealthWatch protects hundreds of enterprise customers worldwide, more than all direct competitors combined. Lancope is a privately held, venture-backed company headquartered in Atlanta, Georgia.

Jason Anderson is the VP of Engineering for Lancope.

Continue reading other LoveMyTool “It's Show Time” posts »

“Reconnex was the first product to show inbound/outbound ‘full data coverage.’ With Reconnex’s risk discovery capabilities, you can recursively search historical data for new or interesting items and bring in the data you need from an investigation point of view. With other tools, you may or may not have the data you need, depending on whether the proper rules had been developed and implemented. Reconnex has a scalable, purpose-built hardware solution to provide full coverage visibility and awareness to address the insider threat.”

-- Mark Butler, Security and Compliance Services Manager


Customer Profile - Mark brings a balanced and diligent approach in providing relevant, usable and secure technology solutions. With over 17+ years of well-rounded IT experience with the last 10 years being focused on building and developing information privacy and security programs and related compliance oversight and monitoring services. Mark has a successful track record of building and establishing teams of well rounded, top-tier talent that are quality oriented and provide unique and relevant approaches to business and technical challenges.


Vendor Profile - Reconnex is the leader in information monitoring and protection appliances designed for any organization – including enterprises, government agencies or educational institutions – that wants to protect its brand, maintain compliance, or secure sensitive information. Reconnex’s simple-to-deploy appliance delivers accurate detection while protecting an enterprise before, during, and after any threat to corporate privacy or intellectual property. A privately held company based in Silicon Valley, Calif., Reconnex protects information for over one million users today.





Challenges

• Protect customer information and the valuable brand
• Identify known and unknown threats
• Determine overall exposure to risk
• Comply with regulations

Solution

• Reconnex iGuard purpose-built appliance for information monitoring and protection

Benefits

• Safeguard brand and public reputation
• Provide full visibility to real-time andhistorical data
• Enforce policies
• Ensure regulatory compliance

Author Profile - Scott Turkow has 8 years of experience in the Enterprise Software space, primarily in Operations and Sales Ops roles. Scott is the Senior Operations Manager at Integrien Corporation, the leading intelligent systems management company that enables the predictable operation of mission critical applications. Prior to Integrien, Scott was with the Resource Management Software Group of EMC, which focused on the development and sale of automated network management products. A tri-athlete in training, Scott tries to be outdoors when he’s unshackled from his computer.

What Will They TAX Next?

Is “The Man” sticking it to you again this year? More often then not, when it comes to taxes, we stick it to ourselves. Which reminds me, do I still have time to itemize the building of a fallout shelter as a preventive medicine deduction?

For years, many organizations have been over-investing in IT assets and then wondering where the biggest chunk of the budget goes? I’m an IT tax professional (Suze Orman has nothing on me), so here’s a free tax tip that falls into the “overlooked deduction” department – it’s the “labor tax”, silly. And not necessarily in terms of headcount, but the manual effort tied to tasks that can, and should, be automated.

IDC says Management and Administrative costs will grow by 10% a year through 2010[1]. The largest component (30%) of overall IT spend is labor. Of this, the vast majority (77%) is just keeping the lights on (system & network management, HW & SW support and maintenance). And just to be clear, human costs for “running technology” will continue to increase as a percentage of overall costs unless you take a new approach. But unlike your relationship with the IRS, you have a choice. You can opt to pay much less of your “lights on” taxes. The key to this particular reduction is automation - the only long term answer to reducing management costs.

So why automation?

“We evaluated all the major vendors and Reconnex. Reconnex provides everything we need for content protection at a much better value point, compared to Vontu. Tablus did not meet our requirements, and Vericept does not provide forensic analysis ... Our job is content protection. There are 5000 clinical investigators globally. We need to monitor them because our research information is out there. There are also major outsourcing deals that need monitoring. If competitors gain access to any of this information, the cost to the company would be enormous. We want to know who’s giving data to whom. That’s where Reconnex comes in.”

-- Tom Bowers, Manager of Information Security Operations for a Fortune 100 Pharmaceutical Company


Customer Profile - Tom Bowers was previously the Manager of Information Security Operations for a Fortune 100 pharmaceutical company, where he directed information protection teams across the globe, including employee training, incident response and investigation of intellectual property loss.

Bowers is currently the Managing Director of Security Constructs, LLC and Technical Editor of Information Security magazine and SearchSecurity.com

Bowers holds the CISSP, PMP and Certified Ethical Hacker certifications, is a well known expert on the topics of data leakage prevention, global enterprise information security architecture and ethical hacking. He is also the president of the Philadelphia chapter of InfraGard, the second largest chapter in the country with more than 600 members. Additionally, Bowers leads the independent think tank and industry analyst group Security Constructs, LLC. His areas of expertise include aligning business needs with security architecture, risk assessment and project management on a global scale. He brings a real world, pragmatic approach to the business of security based upon his Fortune 100 enterprise experience in both the IT and Global Security functions.

Bowers has worked in the computer field since the early 1980s and uses his years of experience in penetration testing, security project management, security product evaluation and implementation, and computer forensics for clients on a consulting basis throughout the U.S. His most recent contributions to Information Security magazine include a cost-benefit analysis of various strong authentication mechanisms and numerous product reviews. He is the author of several white papers, articles and is a highly respected speaker at conferences and webinars.

Vendor Profile - Reconnex is the leader in information monitoring and protection appliances designed for any organization – including enterprises, government agencies or educational institutions – that wants to protect its brand, maintain compliance, or secure sensitive information. Reconnex’s simple-to-deploy appliance delivers accurate detection while protecting an enterprise before, during, and after any threat to corporate privacy or intellectual property. A privately held company based in Silicon Valley, Calif., Reconnex protects information for over one million users today.





Challenges

• Track information throughout the network
• Maintain control of information outside the network
• Prevent information from being compromised or leaked to outsiders

Solution

• Reconnex iGuard purpose-built appliance for information monitoring and protection

Benefits

• Protect intellectual property
• Enforce policies and enable comprehensive IT security
• Improve efficiency of security staff and provide peace of mind

Author Profile - Scott Turkow has 8 years of experience in the Enterprise Software space, primarily in Operations and Sales Ops roles. Scott is the Senior Operations Manager at Integrien Corporation, the leading intelligent systems management company that enables the predictable operation of mission critical applications. Prior to Integrien, Scott was with the Resource Management Software Group of EMC, which focused on the development and sale of automated network management products. A tri-athlete in training, Scott tries to be outdoors when he’s unshackled from his computer.

Q: What’s Luck got to do with it?

A: For some, everything.

You’ve got a firewall, a disaster recovery plan, redundant hardware, change management, and trouble ticketing. And then there’s monitoring. Monitors for your network and app performance data – check. Monitors for your O/S and Server data – check. Monitors for Database metrics – check. Storage device metrics – check. Transaction response metrics – collected. In duplicate!

Your 1985-2007 IT Strategy was recently revamped from “If we collect more we’ll have a better chance of detecting problems” to a superior 2008 Strategy “If we collect more and collect it more often, no problem can sneak by us.”

You’ve done it; you’re the master of your IT cosmos! You can proudly don your “Best IT Manager Ever” t-shirt to the office on Monday. Truth is, you were going to wear it anyway, but better to wear it like you mean it. All is good in your world, when suddenly a system slowdown elevates to an outage in a matter of minutes and thousands of users are dead in the water. Feeling like an actor in a Southwest “Want to Get Away” commercial, you begin to ask yourself – what went wrong? With St. Patrick fresh in your mind (and Guinness not so fresh on your breath) you realize your luck simply ran out. Or for those of you who don’t believe in luck – your poor reasoning and wishful thinking caught up with you.

Author Profile - Scott Turkow has 8 years of experience in the Enterprise Software space, primarily in Operations and Sales Ops roles. Scott is the Senior Operations Manager at Integrien Corporation, the leading intelligent systems management company that enables the predictable operation of mission critical applications. Prior to Integrien, Scott was with the Resource Management Software Group of EMC, which focused on the development and sale of automated network management products. A tri-athlete in training, Scott tries to be outdoors when he’s unshackled from his computer.

What would you do if your company’s most vital business service went down???

(A) Freak out, pull the fire alarm and run for the high hills.

(B) Calmly inform the executive team that it was a one-time event, an oddity – once in a lifetime occurrence that will never happen again because you and your team fixed it for good. And they needn’t worry about customer complaints due to service availability ever again.

(C) Confident in your ability to recruit superhuman IT professionals, the type that can map the human genome with little more than their brain, 2 hours, a pad and a pencil - you calculate the additional headcount you think you need to speed problem identification and resolution in the future.

(D) Pour more money into your current system-monitoring tool set. You assume the siloed tools that are not designed to prevent problems, the same tools that gave you hundreds of alarms to sort through to “help” identify the problem, are your best option to invest in for your company’s future of improving application performance and availability.

(E) Stop and think. You realize your IT environment is not a simple plug-and-play shop (although all users seem to think so). IT complexity continues to compound and you need to find a new approach to managing critical business services.

If you’re an avid reader of LoveMyTool, you probably (hopefully) answered E. If you selected another answer, please start blogging immediately. I’d love to read how it all works out. Natural disaster films are big in Hollywood, why can’t the tech industry contribute to our rubber-necking appetites. Or will it? And will you be looking away when that next app goes down?

“American Systems chose Reconnex over Vontu and Vericept ... because the Reconnex iGuard is an appliance, it’s easy to install, manage, and maintain.”

-- Brian Neely, CIO, American Systems

Customer Profile - Founded in 1975, American Systems is one of the largest employee-owned companies in the United States, with approximately 1,500 employees nationwide. Based in the Washington, DC, suburb of Chantilly, VA, the company provides systems engineering, technical and managed services to government and enterprise customers. American Systems was named “Contractor of the Year” at the Greater Washington Government Contractor Awards in October 2007.

Vendor Profile - Reconnex is the leader in information monitoring and protection appliances designed for any organization – including enterprises, government agencies or educational institutions – that wants to protect its brand, maintain compliance, or secure sensitive information. Reconnex’s simple-to-deploy appliance delivers accurate detection while protecting an enterprise before, during, and after any threat to corporate privacy or intellectual property. A privately held company based in Silicon Valley, Calif., Reconnex protects information for over one million users today.

Reconnex' iGuard DLP appliance was recently deployed by American Systems to understand what its intellectual property (IP) and other sensitive and private data is, and where it is going. As a provider of systems engineering, technical, and managed services to government and private sector customers with approximately 1,500 employees in 21 offices and 125 field sites, American Systems must have a way to identify and control its IP.

“American Systems chose Reconnex over Vontu and Vericept for a number of reasons,” said Brian Neely, CIO of American Systems. “Because the Reconnex iGuard is an appliance, it’s easy to install, manage, and maintain. In addition, the company’s Data-in-Motion solution offers the most thorough coverage and complete visibility; we can scan network traffic across all protocols, all content types, and all ports in real time—there’s no sampling. IP can’t slip through the net.”

Reconnex Data-in-Motion leverages the purpose-built iGuard to classify and index incoming and outgoing traffic in real time. This traffic is then analyzed against a series of information rules to determine where broken business processes may exist or detect the presence of a leak of sensitive information. This ensures that corporate resources are used in a way that conforms to corporate acceptable use policies. The iGuard appliance also incorporates learning applications that can identify what information needs protection, to radically simplify and shorten the data protection processes.

“Reconnex’s learning applications are an important reason why we chose the iGuard,” said Wesley Ward, director of information security at American Systems. “We generate and use huge amounts of IP, and having to identify and tag all of it manually would be a massive and time-consuming undertaking. Now all we have to do it let the iGuard know what to look for, and it can find it quickly and automatically.”

“By deploying the Reconnex iGuard DLP appliance at network ingress and egress points, American Systems is ensuring its IP receives the deepest and broadest protection possible,” said Faizel Lakhani, vice president of marketing at Reconnex. “In addition, the iGuard’s flexibility allows the company to move quickly to protect new IP as it is developed.”

Continue reading other LoveMyTool posts on Reconnex »

“I needed a system that not only monitored the data on the network but also stored all network communications and allowed me to quickly and easily search for emails, Webmail, and IM communications. Reconnex provides monitoring capabilities as well as proactive email recovery capabilities.”

-- Michael McLaughlin, Network Operations Manager, Norcal

Customer Profile - Norcal Waste Systems, Inc., headquartered in San Francisco, is parent to companies providing all facets of solid waste management: collection, recycling, transfer, and landfill operations. Norcal is proud to be 100% employee-owned and operated. We pioneered recycling five generations ago and continue to provide the highest level of customer service in the industry - a commitment born when we established our company in 1921.

Vendor Profile - Reconnex is the leader in information monitoring and protection appliances designed for any organization – including enterprises, government agencies or educational institutions – that wants to protect its brand, maintain compliance, or secure sensitive information. Reconnex’s simple-to-deploy appliance delivers accurate detection while protecting an enterprise before, during, and after any threat to corporate privacy or intellectual property. A privately held company based in Silicon Valley, Calif., Reconnex protects information for over one million users today.

Norcal Selects Reconnex for Upgrades to Monitoring and Event Correlation of Network Communications

Reconnex's inSight Platform Provides Ability to Search All Network Communications for More Effective Protection of Customer and Employee Personal Data.

Norcal Waste Systems, Inc., the most aggressive recycler out of all garbage companies in the United States, has deployed Reconnex’s iGuard appliances to monitor its network communications and provide full event correlation capabilities for the discovery and mitigation of risks. Norcal selected Reconnex’s iGuard because it is a risk management solution that provides a complete trail of electronic communications by capturing and analyzing, in real time, all data entering or leaving the corporate network. Reconnex’s iGuard enables Norcal to monitor and store all network traffic, providing the most effective tool available for recovery of emails for security purposes. Previously, the company had deployed Reconnex’s e-Risk Rapid Assessment, a unique service that reveals all electronic risk on a company’s network.

“We have over 2,000 employees whose personal information is stored on our network, so we decided to evaluate risk management solutions as part of our constant effort to ensure that we are protecting their information to the fullest extent,” said Michael McLaughlin, network operations manager at Norcal. “I needed a system that not only monitored the data on the network but also stored all network communications and allowed me to quickly and easily search for emails, Webmail, and IM communications. Reconnex provides monitoring capabilities as well as proactive email recovery capabilities.”

Headquartered in San Francisco, Norcal is taking extensive steps to ensure protection of customer and employee information. Norcal was aware that, without technology in place to monitor for hidden threats and the ability to proactively search for network communications to develop an event correlation trail, information in its organization could be exposed. To guarantee HIPAA compliance and to ensure the highest levels of security for its customers’ data, Norcal turned to Reconnex.

Store and Search Capabilities Enable Remediation of Risks at the Root Cause

The Reconnex iGuard analyzes and stores everything entering or leaving the network, giving Norcal the unique ability to search all network communications. Competitive products filter about ninety-five percent of traffic on the network and store less than five percent of the information leaving the corporate network. This means less than five percent of the information critical to an event correlation investigation is actually available. Using the Event Correlation Engine™ engine of the Reconnex iGuard system, Norcal can ensure compliance with various industry regulations and can conduct immediate investigations on all electronic communication sessions, including e-mails, Webmails, Instant Messages, FTP, P2P, chat communications, and much more. Norcal is able to analyze all of this information with instantaneous “Google-like™” quick search queries into the stored data and can create a complete audit trail using iGuard’s easy and intuitive Web-based interface. Reconnex has reduced the amount of time required to search for archived communications from an average of 25 hours per instance to only minutes.

Continue reading other LoveMyTool posts on Reconnex »

Author Profile - David Strom is the former editor in chief of Tom’s Hardware and Network Computing, the author of two computer books and thousands of magazine articles on Internet security, computer networking and other technical topics. He writes frequently for the New York Times, Computerworld, InformationWeek, eWeek, Information Security and other IT-related publications. He is a frequent speaker at many industry events, and writes blogs and records podcasts on numerous technical subjects. He lives in St. Louis, Mo., and can be reached at david (at) strom (dot) com.

Vendor Profile - Since 1990, WildPackets has been developing network and application analysis solutions that enable organizations of all sizes to analyze, troubleshoot, optimize, and secure their wired and wireless networks. WildPackets products are sold in over 60 countries through a broad network of channel and strategic partners. WildPackets has amassed more than 6,000 customers and its products are sold in over 60 countries in all industrial sectors. Customers include Safeway, Boeing, Siemens, AT&T, Motorola and over 80% of the Fortune 1000. Strategic partners include Aruba, Atheros, Cisco, Avaya, Intel and Telchemy.

CONTENT

• It can happen to you!
• Sexual harassment and discrimination
• Why forensics matters to HR managers
• The perfect storm for forensics
• Three types of investigations
• Enter general-purpose forensic tools
• WildPackets OmniAnalysis Platform
• Privacy Regulations: A Summary

OVERVIEW

Something wrong is happening on your network. Call it human nature or simply a few bad apples, but unless your organization is miraculously different from all others, someone is leaking information, someone else is dabbling in porn, and someone else is probably doing a handsome business on eBay—on one of your servers.

Your organization has policies about this—and your industry may have regulations that pertain, as well. You need to ensure these policies are complied with—or you need to collect evidence to take action when they’re not.

When you suspect something is wrong, do you have the means to conduct an investigation? How do you collect evidence—digital evidence—when there are so many channels of communication (email, Web mail, IM, etc.), and so many places to look on your network?

Time for network forensics.