Proactive Network Forensics
Innovative Proactive Forensic Solutions for Your Enterprise
To understand the principles governing proactive forensics, we must first understand what it is. Traditionally, forensics has been limited to the reactive examination of evidence after an incident. This has meant that an incident must occur before preservation and the gathering of viable forensic evidence can begin.
This is not the case with proactive forensics; in fact, it is the opposite. The principle of proactive forensics is the constant preservation of potential evidence. This may seem a bit extreme to most, but when it comes to protecting your company, your customers, and your investors, no amount of protection is too much.
Paraben's P2 Enterprise system takes the basic principle of constant preservation in proactive forensics and breaks it down through different active rule systems and data profiling that run on your network systems. However, this was not enough, and P2 Enterprise decided to go one step further, bringing together a hybrid of network monitoring with its proactive forensics to create the ultimate tool.
Proactive forensics is the first three-dimensional approach to forensics.
Network monitoring and computer forensics go hand-in-hand:
The Importance of Forensics in Network Monitoring
No one needs to tell a company whose enterprise has been affected by an insider twice to be vigilant. However, making the right decisions as to what to monitor and when to monitor it is still a daunting task. Running an enterprise based on a smart rule system is the way to go. Protecting intellectual property, improving employee productivity, and protecting your organization from lawsuits and fraud are not only good business; they are often required by law, and all can be accomplished by running smart rule monitoring. The smart rule monitoring found in P2 Enterprise is designed to be customized to your needs. From marking files to watching activities, all the many facets of your enterprise are secured. What sets this type of system apart from traditional network monitoring & security software is that it does not overlook the preservation of the evidence that is collected. With the potential for any incident to go to court, it has become necessary to preserve, and be able to validate the forensic nature of, any data that could possibly be introduced as evidence in a court of law.
Preserving the Evidentiary Value of Data
Digital evidence must adhere to strict standards in order to prove that the evidence is sound. These standards are practiced by law enforcement agencies and computer forensic consulting firms throughout the world. P2 Enterprise Edition is the first tool that combines network monitoring and security with computer forensics and the need to preserve the evidentiary value of any data collected from your network. This not only makes for good business practice but also helps you become compliant with many laws and regulations requiring companies to preserve customer data and protect investors.
Forensic Acquisitions
P2 Enterprise Edition can execute a forensic acquisition of any machine on your network. You control the factors that trigger automated seizures or you can manually acquire any machine on your network at any given time, all covertly done over the network. P2 Enterprise gives you the choice of storing acquisitions on the local machine in a hidden, encrypted container or acquiring the data over your network to be stored on a secure file server set aside for storage of forensic acquisitions. You also have the choice of what is acquired on any given machine. You can perform a complete bit-stream acquisition of all drives on a client machine or you can choose to acquire all or portions of the logical files on that machine. The possibilities are endless when it comes to the customization available in P2 Enterprise.
Proactive Controls
What makes P2 Enterprise Edition a truly proactive solution? It's simply the combination of network monitoring and forensic acquisitions. The Captain module allows you to create rules or a baseline of user activities that can trigger a forensic acquisition. These rules are essential to being proactive. You can create rules for any user and start a forensic acquisition for any violations by monitoring system logins, running processes, file activity, event logs, network sniffing of local traffic, hardware monitoring, application installs/uninstalls, data copied to internal systems, deleted activity, and more.
Some practical examples of user activity that might raise a red flag and start an acquisition, according to the rules you set up, would be:
- Someone outside the accounting department accesses accounting records.
- A user accumulates 100,000 images in their Internet cache.
- Key words are typed in chat windows.
As you can see, the advantages of taking a proactive approach to network forensics are almost endless. Using P2 Enterprise to monitor and acquire network data based on your smart rules puts you in complete control of your network, helping you protect yourself from potential threats, whether internal or external.
Insider Threat
Even with detailed employee manuals, sensitivity training, and protocols to protect your intellectual property, you can never be too prepared for potential insider threat issues. You need to be able to spot potential threats as they occur and you need to be able to present court-ready evidence if necessary. P2 Enterprise is the first network security tool that combines advanced monitoring with computer forensics to ensure you are doing everything possible to protect your company & its investors from unforeseen threats within the company. In today's world of corporate corruption, many laws have been enacted to track, preserve, and prevent data from getting into the wrong hands. Taking a proactive approach to monitoring & forensically preserving court-ready data will put you light years ahead of the game.

