Why Network Monitor?
Created: 07 Jun 2012 | Updated: 12 Jun 2012 | 3 comments
I often hear the question on why do you need a Network Monitor if you have Network Prevent. This article covers a few reasons for the same.
- There is no Web Proxy Server or Email Proxy/SMTP Gateway Server in the environment.
- There is a Web Proxy Server but it does not support ICAP and hence cannot be integrated with Network Prevent for Web.
- There are segments in the network that bypass Email and Web Gateways/Proxies like DMZ or Server Zones.
- There are small Remote/Regional Offices with very few users and without Web Proxies.
- There are small Remote/Regional Offices with very few users where the risk of not having a prevent component is acceptable.
- Remote/Regional Office is not a company owned/leased premises but a serviced office/business centre without email and web proxies.
- There is a need to monitor non HTTP/SMTP clear text protocols.
- Quickly start monitoring network traffic in passive manner while planning and design changes like up-gradation or replacements of proxies to make them ICAP compliant, and creation of IP address space are made to introduce Network Prevent in the network.
- The requirement is to only do a passive Risk Assessment.
- Internally sell the investment in DLP.
- Phased approach where Network Monitor can be used for learning and tuning policies before introducing Network Prevent.