"We're 80 percent virtualized, and we're now monitoring things we couldn't see before," says Andrew Gahm, systems and security engineer at South Jersey Healthcare. "We can collect data we never could have because it never touches a wire."
Both the physical appliances, which sit on a span port off a network, and the virtual probes, which are installed as a VM on a host server, filter, record and analyze packets based on enterprise preferences, as well as on predefined and customizable rules. Both are managed through a common console, PacketSentry Manager, for security monitoring in hybrid data centers.
Security and compliance efforts can be compromised by the lack of visibility into virtual networks, as organizations are unable to detect suspicious activity on and between critical application servers and databases. Privileged user responsibility and separation of duties can break down as administrators assume responsibility for physical hosts, rather than particular server groups. The dynamic nature of virtualization--in which servers are quickly created, taken down and moved--further complicates administration and policy enforcement.
PacketMotion calls PacketSentry a user activity management (UAM) product, identifying primary use cases as:
- Compliance and internal audit controls for databases, applications and file shares;
- Data protection through access control and monitoring around sensitive data; and
- High-risk user management, including privileged users, VPN users, partners and contractors.