Network Computing is part of the Informa Tech Division of Informa PLC


NetWitness Adds Automated Malware Analysis To Network Monitoring Platform: Page 2 of 2

"Once you have zero trust you suddenly have paranoia," says John Kindervag, senior analyst at Forrester. "Then you have to inspect and log all traffic to see what internal users are doing, as well as activity on the external part of the network. In order to meet that criteria and scalability, you need to deploy an automated tool that we define as NAV."

The need is acute, particularly in the face of malicious insider activity, epitomized by WikiLeaks, and targeted, long-term attacks--advanced persistent threats (APT)--neither of which can be effectively detected by traditional security tools. For example, WikiLeaks suspect Bradley Manning was a trusted insider with authorized access to highly sensitive material, so strong access controls would not have prevented or detected the leaks.

Kindervag says WikiLeaks has caught the attention of enterprises that are concerned that the same type of insider activity could result in the loss of sensitive corporate data, such as intellectual property. "We're getting comments such as, 'My CEO just asked if that could happen to my organization,'" he says. "I have to say, 'Yes, there's no way of knowing if an insider is doing anything wrong.' If you change your trust model, you need situational awareness. You better know what's going on in your network."

NetWitness platform appliances include Informer automated threat reporting and alerting; Investigator analytics for forensics; and Visualizer for rapid content review. Pricing starts at $50,000.
