In the enterprise world, securing the internal network and complying with mandated security standards and regulations—like the Payment Card Industry Data Security Standard (PCI DSS), the Gramm-Leach-Bliley Act (GLBA) and Sarbanes-Oxley (SOX)—can make life very difficult for IT security and compliance teams.

PacketMotion thinks the answer to internal network security and compliance is to work smarter, not harder. Easily said, but the Sunnyvale, Calif.-based PacketMotion put its money where its mouth is last month when it unveiled PacketSentry 4.0.

"The economy may be showing signs of recovery, but IT budgets remain tight. The effects of the recession and the call to 'do more with less' will continue to challenge IT security and compliance teams for years to come," said Paul Smith, PacketMotion CEO. "PacketSentry's ability to provide a total picture of what's going on in the network and to deliver PCI segmentation capabilities through a single, agentless and non-inline platform not only solves security and compliance problems, but also slashes overall security and compliance costs."

PacketMotion is a specialist in what it calls User Activity Management (UAM) solutions, which allow enterprises to monitor, record and control user and privileged user activities across operating systems, databases and applications, segmenting certain assets away from unauthorized users.

PacketSentry is PacketMotion's flagship product, and this latest version adds SourceSynch for Microsoft Windows SQL Servers and Unix/Linux systems, extending its UAM capabilities over the encrypted activities of privileged administrators without resorting to invasive software agents. PacketMotion said it provides improved security and compliance without affecting network performance. In addition, new rule engine enhancements allow virtual segmentation capabilities that scale at Fortune 500 levels, according to PacketMotion. That scalable virtual segmentation gives enterprises of any size the ability to segregate in-scope PCI assets from unauthorized users without having to deploy expensive and complex firewalls.

"UAM is really a disruptive approach with respect to this problem that companies are facing," said Jonathan Gohstand, vice president of marketing at PacketMotion. "The concept is a passive approach that's inserted on the inside of the network, monitoring the network by hanging off the network infrastructure."

Gohstand explained that PacketSentry 4.0 allows enterprises to put access controls on data to limit who can get at it. If it detects unauthorized access, it simply breaks the connection. The appliance first builds a baseline view of the activities of a person or group across an asset. Once it understands the norm for a team, it proactively looks for deviations. In that way, it can even detect when a user who is authorized to use an asset is using it inappropriately.

For instance, if an employee who is authorized to access PCI data begins spending a lot more time than usual accessing that data, PacketSentry 4.0 will flag it and issue a report.

"If everyone is following the rules, I don't even get a report," Gohstand said. "But if something goes off the rails, then I get a report, down to an individual user."

Gohstand added that even for users who are authorized, PacketSentry 4.0 maintains a very granular audit trail. Companies that have deployed it can go back and look at what a person accessed, even what they touched or typed on a screen. Gohstand noted that this capability could be invaluable for forensic audits, allowing companies to go back and look at what a user was doing for months.

"Within our organization, IT security and compliance initiatives are given top priority. As a government agency, we have to remain secure and in compliance at all times while being highly cognizant of budget constraints," said Daniel W. McRae, IT manager of DIT Infrastructure Services, City of Richmond (VA). "PacketSentry has allowed us to extend our insider activity monitoring capabilities to a wide range of users across our vast Microsoft environment. Its non-inline deployment model and agentless monitoring capabilities have saved us time and money."

The new features in PacketSentry 4.0 include:

  • Rule engine enhancements that provide scalable virtual segmentation capabilities, allowing enterprises of any size to protect in-scope PCI assets from unauthorized users without expensive firewalls, inline hardware deployments or invasive software agents. Additionally, improvements enable dramatically accelerated processing speeds and the ability to handle up to 500 times more rules.
  • Extended SourceSync capabilities for Microsoft Windows SQL Servers and Unix/Generic SYSLOG devices. SourceSync provides monitoring and reporting for encrypted privileged administrator activities without agents, inline appliances, or heavy native logging.
  • Sybase support, providing Sybase database users with improved security and compliance through comprehensive, detailed user activity management capabilities and reports.
  • Preconfigured (GLBA) and SOX compliance reports, enabling financial services industry customers and public corporations to quickly and easily prove compliance with these stringent and complex regulations.

While Gohstand acknowledged that PacketSentry 4.0 does need some care and feeding, he said one person could easily maintain the system. He also noted that PacketMotion allocates two days to deploy the system on a customer's network. The first day is set aside for installing and tuning up the system, and the second day is spent training the customer on the system while spinning out reports and rules directly on the customer's data.

PacketSentry 4.0 pricing begins at $50,000.

Thor Olavsrud is a former senior editor of InternetNews.com and covers operating systems, standards and security.