Microolap Technologies


Application-level network traffic analyzer for detecting internal security policy violations

EtherSensor Insider Threat Visibility (ITV) edition for Azure is a cloud-based, application-level network traffic analyzer for detecting violators of internal security policies in an organization.
As a result of traffic processing, EtherSensor ITV creates information security events that are transmitted to consumer systems.

The use of the following consumer systems is recommended:

  • Splunk UBA
  • IBM QRadar UBA
  • ArcSight UBA
  • InfoWatch Traffic Monitor
  • McAfee Total Protection for DLP
  • Symantec DLP

The content and metadata of security events help consumer systems discover:

  • atypical (abnormal) user behavior
  • illegal access to internal information resources
  • unintentional or malicious leaks of confidential data

Additionally, at the investigation stage, the security events obtained make it possible to answer the following questions:

  • who accessed a particular internal information resource, and when
  • how certain confidential data was actually distributed within the company
  • with whom the user communicated inside and outside the company, and which files were transferred
  • what external services were used

EtherSensor ITV features:

  • works with a copy of network traffic from various data sources (SSL Visibility, Web Proxy, Network Appliance)
  • transmits the resulting normalized information security events to consumer systems (SIEM, DLP, IAM)
  • analyzes high-speed network flows, which allows you to process all network traffic (and not just traffic from the perimeter of the network)

Supported data sources:

  • network devices that support port mirroring
  • NGFW with SSL decryption features
  • SSL Visibility Appliance
  • Web Proxy with ICAP functions
  • Lotus Notes Transaction Log
  • PCAP files