PacketMotion can even verify that the last days of an employee were not spent performing malicious acts on the network. I created a report for two different weeks of data and easily compared the differences in network traffic and application usage. I could see there was more IM activity and encrypted connections in the last week than there had been in previous weeks. A company could easily re-create this process to verify that access was not made to files outside of the former employee's purview and ensure that no data was altered or deleted.
PacketSentry is a great product to fill in the gaps where IDS and network-flow monitoring fall short--provided your environment uses Active Directory. It assists with the who, where, what and when necessary to investigate network and personnel issues. Note, though, that it's not a replacement for a network forensic device as it does not capture the network traffic to disk for in-depth review.
John H. Sawyer is a network security engineer at the University of Florida and a GIAC Certified Firewall Analyst and Incident Handler. Write to him at [email protected].
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
