P2 Enterprise Edition

Pioneering Proactive Forensic Solutions

There are many questions that are immediately brought up when it comes to purchasing an Enterprise tool. We want to guide you through those questions and help you feel comfortable with your choice to evaluate Paraben's P2 Enterprise Edition.

What is Proactive Forensics?
Traditionally, the term forensics is always thought of in a reactive sense. This means that an incident occurs and one must reactive to preserve forensic evidence. The use of the term proactive proceeding forensics brings the preservation of evidence to the fore front. Rather than waiting to learn of an incident requiring forensics, proactive forensics actually constantly monitors for the occurance of an incident with an immediate forensic response to ensure evidence is preserved.

What is P2 Enterprise Edition?
In the tradition of Paraben's computer forensic software, P2 Enterprise is an innovative, proactive forensic solution for networks large and small. It is a monitoring tool designed to help your enterprise be in a constant state of preservation when it comes to your digital data.

What makes P2 Enterprise different?
P2 Enterprise is different than most tools since it incorporates both a proactive monitoring and a reactive response all in a live network environment. The proactive monitoring is accomplished through a variety of rules and data profiling that are customized by the enterprise. The reactive response comes into play with the automated ability of the system to acquire images, take snapshots, or mount systems. All functions within P2 Enterprise are done transparently to the user with a special stealth agent that resides on the different workstations in the enterprise.

As you can see, whether you're worried about intellectual property theft, embezzlement, employee lawsuits, or you just want to protect your network from within, P2 Enterprise will not only allow you to perform forensic examinations on any machine on your network, it will monitor activity and start a forensic acquisition when any user does something questionable on the network.

P2 Enterprise is truly proactive in its approach to forensics. With the many rules and regulations set forth to protect investors, such as Sarbanes-Oxley Act of 2002, EU Privacy Law, FTC Safeguards Rule, and many others, companies cannot afford to ignore the need to protect & preserve data. P2 Enterprise works by utilizing four types of modules - three server based modules and one client based module.



Server Module 1: Central Authentication Server (CAS)
This module is the authentication mechanism behind P2 Enterprise. It maintains all rules and information for interconnections between all other modules. It also acts as the central repository for all forensic images & data collected. The CAS works hand in hand with data management capabilities associated with Microsoft SQL Server or MYSQL.

Server Module 2: The Enterprise Proxy
The Enterprise Proxy serves one main purpose as it is the main communication pass through for the system as well as for the routers and firewalls. All other modules use the Proxy to unify all data transfers through one secure gateway. The authentication process is also performed on the Proxy side to make security even stronger. The Proxy has a base of 128-bit encryption.

Server Module 3: The Captain
The Captain module provides the GUI for the customization of P2 Enterprise. It is the centralized manager for all of the Agent-Crew modules in the network.

• A. The Proactive Monitoring Capabilities
  The Captain provides a concise user interface for setting the rules that will be stored in the CAS. Some of the rules/capabilities include monitoring system logins, running processes, file activity, event logs, network sniffing of local traffic, hardware monitoring, application installs/uninstalls, data copied to internal systems, deleted activity, and more.
• B. Active Computer Investigations
  The Captain module is also responsible for initiating forensic investigations on Agent-Crew machines. Due to advanced techniques used in the development process, the user is able to perform almost any usual operation remotely on Agent-Crew machines, including (but not limited to) device mapping, remote memory examination, remote administration, and complete remote hard drive acquisitions.
  
  
• C. Technical Specifications
  P2 Enterprise adheres to strict forensic practices by ensuring that data integrity is maintained. The clients are completely invisible to the local users and all of the P2 Enterprise components support Windows 2K/XP/2003. The full P2 Enterprise system is fully capable of working with other suites that are currently deployed in an enterprise.

Client Module: Agent-Crew (A-C)
The Agent-Crew module is the main investigative module. It is installed on all the computers on the network for remote data collection and acquisition. The module is completely hidden from the user and its activity remains unseen. Most operations are performed at the lowest possible level, so it is possible to gather data from all PC activities. The Agent-Crew module can all be deployed remotely through the Captain interface.

This module can function in a forensic and non-forensic mode. The forensic mode sends all data collected over the network to a central hidden store. It is optional to send this data at scheduled times to lessen the traffic on the network. The non-forensic mode stores data locally and hides the storage container from the user so it can be transferred at a predetermined time as not to be seen by the user. Or gathered at less frequent intervals. All of the above components come together to create a comprehensive internal forensic suite for your enterprise. The P2 Enterprise solution is designed to be both comprehensive as well as cost effective for enterprises of all sizes. For more information or for a price quote on P2 Enterprise please contact us at enterprise@paraben.com.