PacketMotion Inc. 's new Identity Intelligence package doesn't just improve IT's view of the network -- it also shows operators who's on the network and what applications and resources they're using.
"I can't tell you how many CIOs have said to me 'We may have outside contractors on our network, but I can't tell you who they are or what they're doing,' " says Scott Ruple, VP of marketing for PacketMotion. And those sorts of blind spots are bound to land enterprises in trouble with regulators, when they are subject to a growing list of state and federal data handling laws.
Identity Intelligence 2.1 works with the vendor's PacketSentry Probe 1000 appliance to analyze relevant data, then present it with user- or application-level detail, giving customers more practical information than what they might derive from port- and packet-level data, according to Ruple. The product takes advantage of data warehousing so that data can be stored for years, rather than just weeks, providing even more depth and detail to reporting and management capabilities, the vendor claims.
Analysts say this is a trend among technology vendors: Bringing more intelligence to bear on security management data, and not just triggering alarms. (See Security's New Maturity and Cymphonix Tunes Security Management.) Vendors like PacketMotion are trying to help customers be more proactive with these functions, in part to help them stave off compliance infractions.
PacketMotion uses a span port off a network switch to look at every packet in real time, along with its virtual proxy engine, without slowing network traffic speeds or performance, according to Ruple. In this latest iteration, PacketMotion has added Excel and custom application support to make security management information more portable and customizable -- not just for IT, but for non-technical departments like human resources and accounting. This information allows more people across the enterprise to help enforce security policy, the vendor says.
And that's where at least one user would like to see even more intelligence and automation brought to bear. The new reporting functions and granularity are welcome additions, according to Herb Tong, network infrastructure manager for the City of San Francisco, who's helped with development and beta testing of the new product. But if certain thresholds get tripped or users deviate from what they're supposed to be doing, he'd like to see PacketSentry respond automatically by throttling back bandwidth or blocking a certain traffic type.
PacketSentry and Identity Intelligence aren't for the budget-conscious -- typical installations start at around $50,000, according to the vendor. "That's why we agreed to help with the beta testing -- to qualify for discounts," Tong says.
Terry Sweeney, Editor in Chief, Dark Reading