Video Screencast Help

Why Network Monitor?

Created: 07 Jun 2012 • Updated: 12 Jun 2012 | 3 comments
Language Translations
Tariq Naik's picture
+3 3 Votes
Login to vote

I often hear the question on why do you need a Network Monitor if you have Network Prevent. This article covers a few reasons for the same.

  • There is no Web Proxy Server or Email Proxy/SMTP Gateway Server in the environment.
  • There is a Web Proxy Server but it does not support ICAP and hence cannot be integrated with Network Prevent for Web.
  • There are segments in the network that bypass Email and Web Gateways/Proxies like DMZ or Server Zones.
  • There are small Remote/Regional Offices with very few users and without Web Proxies.
  • There are small Remote/Regional Offices with very few users where the risk of not having a prevent component is acceptable.
  • Remote/Regional Office is not a company owned/leased premises but a serviced office/business centre without email and web proxies.
  • There is a need to monitor non HTTP/SMTP clear text protocols.
  • Quickly start monitoring network traffic in passive manner while planning and design changes like up-gradation or replacements of proxies to make them ICAP compliant, and creation of IP address space are made to introduce Network Prevent in the network.
  • The requirement is to only do a passive Risk Assessment.
  • Internally sell the investment in DLP.
  • Phased approach where Network Monitor can be used for learning and tuning policies before introducing Network Prevent.

Comments 3 CommentsJump to latest comment

Syed Hussain -Compliance Devil's picture

Hi Tariq,

This give us a clear picture on how to address customer queries based on this.

 

 

Thanks,

-Syed Hussain

 

If a post solves your problem, please flag it as solved. If you like an item, please give it a thumbs up vote.
0
Login to vote
kishorilal1986's picture

Nice Sir, Can you please explain the why and which componets from above should be selected (Monitor/prevent). I read above article but expect something specific reason to take decision basis on.

0
Login to vote
ARRKNINE's picture

Network Monitor captures the traffic, and flags the violations.

Network prevent on the other hand inspects the complete message before forwarding. This allows the Prevent product to take appropriate steps to block, modify or pass the message.

0
Login to vote