EtherSensor Insider Threat Visibility (ITV) edition for Azure - a cloud-based application level network traffic analyzer for detecting internal security policies violators in organization.
As a result of traffic processing, EtherSensor ITV creates information security events that are transmitted to consumer systems.

The use of the following consumer systems is recommended:

• Splunk UBA
• IBM QRadar UBA
• ArcSight UBA
• InfoWatch Traffic Monitor
• McAfee Total Protection for DLP
• Symantec DLP

Security events content and metadata help consumer systems to discover:

• atypical (abnormal) user behavior
• illegal access to internal information resources
• unintentional or malicious leaks of confidential data

Additionally obtained security events at the investigation stage allow to answer the following questions:

• who and when got access to particular internal information resource
• how certain confidential data was actually distributed within the company
• with whom the user was communicating inside and outside the company, which files were transferred
• what external services were used

EtherSensor ITV features:

• works with a copy of network traffic from various data sources (SSL Visibility, Web Proxy, Network Appliance)
• as a result, normalized information security events are transmitted to consumer systems (SIEM, DLP, IAM)
• analyzes high-speed network flows, which allows you to process all network traffic (and not just traffic from the perimeter of the network)

Supported data sources:

• network devices which support port mirroring
• NGFW with SSL decryption features
• SSL Visibility Appliance
• Web Proxy with ICAP functions
• Lotus Notes Transaction Log
• PCAP files