The importance of knowing what happened on your network
When the regulator comes knocking, do you have the right tools to answer their questions?
More and more legal responsibilities are being pushed onto businesses. Being able to prove innocence, or to show where a violation came from, can be critical to avoiding huge fines, jail time and other penalties.
On top of general regulations, such as:
- The Data Protection Act “DPA”
- Payment Card Industry Data Security Standard “PCI DSS”
- Sarbanes-Oxley Act
- EU General Data Protection Regulation (GDPR)
There are also sector- or geography-specific regulators who can impose additional requirements (and fines). These include:
- Computer Misuse Act 1990 – UK based law
- Investigatory Powers Act 2016 – UK based law
- Basel Accords, II and III for the international financial sector
- The Gambling Commission – UK based law
- The Health Insurance Portability and Accountability Act “HIPAA”, for US healthcare providers
- The Personal Information Protection and Electronic Documents Act “PIPEDA” for Canadian corporations
- And so on.
Methods to record and recall huge amounts of network transaction data are critical for large corporations that deal with any of the above regulations and need to demonstrate legal compliance.
Network transaction recording
To verify whether or not a communication took place, the minimum critical parameters to record are:
- Source IP address
- Destination IP address
- Ports in use
- Time and date
Obviously, the more metadata recorded, the better, but the storage requirements increase quickly if significant time periods are required to be stored. As an example, the Investigatory Powers Act calls for all websites visited to be recorded for 12 months by certain network operators. To be clear, simply recording network transactions does not mean you comply with every regulation; however, it is a critical part of an overall solution.
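As an added illustration (not part of the original page and not Allegro Packets code), the sketch below reduces a classic pcap capture to the four minimum parameters listed above and then answers the question "did this communication take place in this time window?". The capture is constructed inline; the addresses, ports and timestamps in it, and the helper names frame and sample_pcap, are assumptions made for the example.

```python
import ipaddress
import struct
from datetime import datetime, timezone

def parse_pcap(data):
    """Yield (time, src_ip, dst_ip, src_port, dst_port) per IPv4 TCP/UDP packet."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(order + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        l4 = 14 + (pkt[14] & 0x0F) * 4
        fragment_offset = struct.unpack("!H", pkt[20:22])[0] & 0x1FFF
        if pkt[23] not in (6, 17) or fragment_offset or len(pkt) < l4 + 4:
            continue  # not TCP/UDP, or a later fragment with no port fields
        sport, dport = struct.unpack("!HH", pkt[l4:l4 + 4])
        when = datetime.fromtimestamp(sec + usec / 1e6, tz=timezone.utc)
        yield (when, str(ipaddress.ip_address(pkt[26:30])),
               str(ipaddress.ip_address(pkt[30:34])), sport, dport)

def communicated(records, src, dst, dport, start, end):
    """True if src sent a packet to dst:dport between start and end (inclusive)."""
    return any(r[1] == src and r[2] == dst and r[4] == dport and start <= r[0] <= end
               for r in records)

def frame(src, dst, sport, dport, proto=6):
    """Constructed Ethernet + IPv4 + 8 bytes of TCP/UDP header for the sample."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHI", sport, dport, 0)

def sample_pcap():
    """Constructed two-packet capture using private and documentation addresses."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, args in [(1700000000, ("10.0.0.5", "192.0.2.10", 51000, 443)),
                     (1700003600, ("10.0.0.7", "198.51.100.3", 51001, 53, 17))]:
        f = frame(*args)
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for rec in parse_pcap(sample_pcap()):
        print(rec)
```

Each record here carries only the time, the two addresses and the two ports, which is why per-packet metadata is far cheaper to retain over long periods than full payloads.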
Allegro Packets Network Multimeter
To meet and exceed the transaction recording requirements listed above, Frame recommends the Allegro Packets Network Multimeter range. An interesting architectural feature of their multimeter is that it has two separate storage methods: first, RAM-based storage for instant access to records, and second, a separately scalable HDD-based “ring buffer” for lower-cost, long-term storage.
[Illustration: the Allegro data storage architecture]
Going back in time
Finding out what happened on your network last week or last month is simple. The relevant data is loaded from the HDD storage into RAM and instant access to historical data is achieved. Build the pcap you need from 6 months ago, see who was connected to what services and much more. For additional privacy and protection, the data stored can be fully encrypted.
Allegro Packets 1000
The Allegro 1000 series appliances enable 1 GBit/s to 10 GBit/s analysis of up to 10,000 servers. These network tools provide a highly accurate analysis of an entire location. Depending on the existing network traffic, this is enough for a complete analysis of all data from the several previous days, which can be retrieved in real time from the in-memory database.