I often hear the question on why do you need a Network Monitor if you have Network Prevent. This article covers a few reasons for the same.

• There is no Web Proxy Server or Email Proxy/SMTP Gateway Server in the environment.
• There is a Web Proxy Server but it does not support ICAP and hence cannot be integrated with Network Prevent for Web.
• There are segments in the network that bypass Email and Web Gateways/Proxies like DMZ or Server Zones.
• There are small Remote/Regional Offices with very few users and without Web Proxies.
• There are small Remote/Regional Offices with very few users where the risk of not having a prevent component is acceptable.
• Remote/Regional Office is not a company owned/leased premises but a serviced office/business centre without email and web proxies.
• There is a need to monitor non HTTP/SMTP clear text protocols.
• Quickly start monitoring network traffic in passive manner while planning and design changes like up-gradation or replacements of proxies to make them ICAP compliant, and creation of IP address space are made to introduce Network Prevent in the network.
• The requirement is to only do a passive Risk Assessment.
• Internally sell the investment in DLP.
• Phased approach where Network Monitor can be used for learning and tuning policies before introducing Network Prevent.