Terms like firewall, IDS, and deep packet inspection may be indicative of today’s network security landscape, but tomorrow’s may also include ‘big brother’ style appliances that log all user activity in an attempt to counter internal threats.
This week Israeli company Sabratec Ltd. is launching its Intellinx monitoring solution, which has been described as “one big sniffer”, into the Australian market. It is installed on a separate system to analyze and archive every action users perform. The information can then be used as an audit trail in the event of fraud by in-house employees.
Brad Irvine, Northern Territory government ICT office director, said in certain parts of an organization audit trail appliances may be warranted particularly in the more sensitive areas of government, but generally cost and performance degradation factors need to be weighed up.
“It always comes back to how you secure an application and its data; the network shouldn’t be overloaded with all theses security controls,” Irvine said, adding he’s always been an advocate of making systems secure.
In Irvine’s experience, audit trails are only useful when there has been a breach, but are relevant in line with the number of incidents.
“If it is a systemic problem then you could justify the cost,” he said. “In this agency we do regular reviews of threats, because we are responsible for paying all government accounts so it’s important to have robust systems and rigorous procedures.”
Irvine believes the technology could potentially become pervasive but is up to the organization to determine where the risks lie, and “we have checks and balances to stop fraud”.
Sabratec spokesman Boaz Krelbaum said Intellinx is unique in that it includes legacy mainframe and AS/400 applications.
“The product monitors the enterprise environment, not private things,” Krelbaum said. “Intellinx can decrypt encrypted information once a private key is given.”
When installed, the Linux, Java, and DB2-based appliance acts like a black box that “records everything”, but end users can customize it in accordance with business rules.
The appliance gathers data at a rate of about 50 kilobytes per user per day which equates to upwards of 100GB of compressed recordings for a 5000-employee organization over six months.
Upcoming versions of Intellinx will support client/server and Web traffic.
Intellinx will be sold and integrated locally by Advent One. Bob Bassat from Avent One said the product is non-invasive and does not degrade performance.
“It’s aimed at internal users and it protects privacy, fraud, and inappropriate behaviour,” Bassat said, adding that the device is tamper proof and can perform real-time alerts.
In terms of cost, Basset said a large ‘big four’ bank would be looking at up to A$700,000 (US$515,396) for a fully deployed system, including the hardware, but a more modest implementation is likely to be about A$100,000 fully deployed.