How to determine and reconcile data exfiltration

 

Business Problem

Information contained in networks is critical and confidential to network users. Patent filings, classified documents, new product testing and new designs are the types of information that have value to cyber criminals. Federal regulations protect the privacy of personal information – such as health records and social security numbers – used by governments, hospitals and enterprises.

Exfiltration refers to the unauthorized release of data from within an organization and includes authorized network users who access data they are unauthorized to see. 


Who is affected

Illegal data exfiltration affects and creates problems for corporations, governments and critical network infrastructure companies. Private data can be compromised, resulting in organizational fines. In extreme cases, exfiltration of sensitive data can compromise the security of governments.


Solution

To prevent data exfiltration, network administrators should first baseline the normal patterns of their networks, then continuously monitor their IP services, servers, routers, and applications. These actions supplement semantic guards that can be deployed in the network to look at specific content.

With the NarusInsight Solution for Cyber Protection, security and operation administrators first determine the normal baseline. Deviations from the normal behavior of the network can then be flagged, and administrators receive messages about the flagged deviations.

Metadata provides data about the traffic rather than the actual payload. This type of data is in many ways more valuable than the full payload because it helps security and network analysts see patterns. Each protocol has different types of metadata that can be analyzed. Metadata can show top talkers and traffic patterns by IP address.

For example, metadata can determine if traffic is directed to servers or countries outside the baseline. If operators see gigabytes of data directed every Friday at 5:00 PM to the .cn (China) domain, that could indicate a problem. However, if the baseline shows this to be the norm because the operations manager is communicating with his factory in China, the pattern will show up as normal.
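The Friday 5:00 PM case above, as an added example (not from the original page and not NarusInsight code): a baseline keyed on source, destination TLD, weekday and hour, built from constructed flow metadata. The record layout, the thresholds `k` and `floor`, and the function names are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

GB = 10**9
# Constructed flow metadata, no payload: (timestamp, source IP, destination TLD, bytes).
# Assumption: each record is already the hourly total for that source/destination pair.
BASELINE_FLOWS = [
    # Operations manager's recurring Friday 17:00 transfer to the factory.
    ("2024-03-01 17:00", "10.0.0.5", "cn", 4 * GB),
    ("2024-03-08 17:00", "10.0.0.5", "cn", 5 * GB),
    ("2024-03-15 17:00", "10.0.0.5", "cn", 4 * GB),
    ("2024-03-22 17:00", "10.0.0.5", "cn", 5 * GB),
    # Ordinary weekday traffic from another host.
    ("2024-03-04 10:00", "10.0.0.9", "com", 20_000_000),
    ("2024-03-11 10:00", "10.0.0.9", "com", 30_000_000),
]

def slot(ts, src, tld):
    """Baseline key: who talks to which TLD, on which weekday and hour."""
    t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
    return (src, tld, t.weekday(), t.hour)

def build_baseline(flows):
    """Mean and standard deviation of bytes observed per slot."""
    samples = defaultdict(list)
    for ts, src, tld, nbytes in flows:
        samples[slot(ts, src, tld)].append(nbytes)
    return {key: (mean(v), pstdev(v)) for key, v in samples.items()}

def check(flow, baseline, k=3.0, floor=100_000_000):
    """Classify one new flow record against the baseline."""
    ts, src, tld, nbytes = flow
    stats = baseline.get(slot(ts, src, tld))
    if stats is None:
        # Never seen this source/destination/time combination before:
        # flag it only if the volume is large enough to matter.
        return "new-pattern" if nbytes >= floor else "normal"
    mu, sigma = stats
    # Allow at least 10% of the mean as spread so a very stable slot
    # does not alert on tiny variations.
    limit = mu + k * max(sigma, 0.1 * mu)
    return "volume-deviation" if nbytes > limit else "normal"

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for flow in [
        ("2024-03-29 17:00", "10.0.0.5", "cn", 5 * GB),   # the usual transfer
        ("2024-03-29 17:00", "10.0.0.9", "cn", 3 * GB),   # different host, same time
        ("2024-03-29 17:00", "10.0.0.5", "cn", 40 * GB),  # usual host, unusual volume
    ]:
        print(flow, "->", check(flow, baseline))
```

A flagged slot is the point at which an operator would move from metadata to full packet capture for that source and time window.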

If anomalies are determined and detailed analysis is needed, network operators can look at full packet capture to get detailed information about potential problems. Content rendering can be used to reconstruct actual messages to determine attribution and provide operators with a suitable response. 


Credible Evidence


When the NarusInsight Solution for Cyber Protection is used to baseline a network's behavior, deviations can be flagged and investigated.


Benefits

•  Preserve intellectual property through reduced exfiltration.
•  Ensure compliance with federal regulations to protect private and sensitive data.
•  Protect against subversive activities that compromise critical information.
•  Protect national security.