Data Loss Prevention

  • 1.  Difference between Network Monitor and Network Prevent technically

    Posted Aug 04, 2013 04:59 AM

    I want to know the difference between Network Monitor and Network Prevent technically. How is the license for each of these provided? How does Prevent work technically, as opposed to Monitor, which works by monitoring traffic via port mirroring?



  • 2.  RE: Difference between Network Monitor and Network Prevent technically

    Broadcom Employee
    Posted Aug 04, 2013 05:33 AM

    Network Monitor delivers passive inspection of all transmission control protocol (TCP) network communications. A copy of the network traffic is routed to Network Monitor through either a SPAN port or a network tap. Network Monitor inspects the traffic, searching for confidential data in violation of data loss policies. If a match is detected, Network Monitor generates an incident and forwards the corresponding incident information to the Enforce Platform for reporting and remediation. Network Monitor detects confidential data and significant traffic metadata over the protocols that you specify. Network Monitor inspects all network communications such as e-mail, IM, Web, FTP, peer-to-peer (P2P), and generic TCP.

    Network Prevent

    It has 2 flavors: one is for web and one is for email.

    Hope this helps.



  • 3.  RE: Difference between Network Monitor and Network Prevent technically

    Broadcom Employee


  • 4.  RE: Difference between Network Monitor and Network Prevent technically

    Trusted Advisor
    Posted Aug 05, 2013 02:05 AM

    Hi Santosh,

    The huge difference is that Monitor is passive and Prevent is active.

    As you said, Monitor receives a copy of the net flow and cannot take any action on it (even when you detect a data leakage you can't block it); Prevent is "in the middle of the flow", so you can decide to take live action on the message itself (block it, copy it, ...).

    Licenses for Monitor and Prevent are different; if you have both, you have to pay for licenses for Monitor and Prevent. Just be careful: as Pete wrote, Prevent has 2 flavors, one for email and one for web, and you have to get licenses for each.

    Regards.



  • 5.  RE: Difference between Network Monitor and Network Prevent technically
    Best Answer

    Posted Aug 06, 2013 02:49 AM

    Network Monitor is technically a sniffer which parses the incoming packets (mirrored or tapped) for content based on policies you create. It cannot do any preventive action.

    Network Prevent for SMTP is a streaming SMTP proxy which acts as an intermediary between the downstream and upstream MTAs. It just relays SMTP commands between these two MTAs and is not a true SMTP proxy or MTA. Again, it looks for content based on the policies you have created. Due to its placement it can block or modify SMTP conversations.

    Network Prevent for Web acts as an ICAP server. It parses the ICAP traffic it receives for content based on policies and has several ICAP responses at its disposal, including block. It relies on the proxy to send it traffic for inspection.
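
The ICAP-server role described in the answer above, as an added Python sketch that is not part of the thread and not the product's code: it shows the verdicts an inline ICAP service can return for a REQMOD request (RFC 3507), which a passive sniffer cannot. The policy pattern, hostnames, ISTag value and function names are constructed for illustration.

```python
import re

POLICY = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")  # constructed rule: SSN-like pattern
ISTAG = b'ISTag: "demo-policy-1"\r\n'           # constructed service tag

def dechunk(data: bytes) -> bytes:
    """Decode the HTTP-chunked body carried in an ICAP encapsulated section."""
    out, pos = b"", 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        if size == 0:
            return out
        out += data[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2                      # chunk data + its CRLF

def reqmod_verdict(raw: bytes) -> bytes:
    """Inspect one REQMOD request and return the ICAP response bytes."""
    head, _, encap = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines[0].startswith(b"REQMOD "):
        return b"ICAP/1.0 405 Method Not Allowed\r\n" + ISTAG + b"\r\n"
    hdrs = {k.strip().lower(): v.strip()
            for k, v in (l.split(b":", 1) for l in lines[1:] if b":" in l)}
    offsets = dict(p.strip().split(b"=") for p in hdrs[b"encapsulated"].split(b","))
    body = dechunk(encap[int(offsets[b"req-body"]):]) if b"req-body" in offsets else b""
    if POLICY.search(body):
        # Block: hand the proxy an HTTP 403 to serve instead of forwarding the upload.
        http = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
        return (b"ICAP/1.0 200 OK\r\n" + ISTAG +
                b"Encapsulated: res-hdr=0, null-body=%d\r\n\r\n" % len(http) + http)
    if b"204" in hdrs.get(b"allow", b""):
        return b"ICAP/1.0 204 No Content\r\n" + ISTAG + b"\r\n"
    # Client did not offer "Allow: 204": echo the request back unmodified.
    return (b"ICAP/1.0 200 OK\r\n" + ISTAG + b"Encapsulated: " +
            hdrs[b"encapsulated"] + b"\r\n\r\n" + encap)

def sample_reqmod(body: bytes, allow_204: bool = True) -> bytes:
    """Constructed REQMOD message wrapping an HTTP POST, as a proxy would send it."""
    http = b"POST /upload HTTP/1.1\r\nHost: files.example\r\n\r\n"
    chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)
    icap = b"REQMOD icap://dlp.example/reqmod ICAP/1.0\r\nHost: dlp.example\r\n"
    if allow_204:
        icap += b"Allow: 204\r\n"
    icap += b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(http)
    return icap + http + chunked
```

The verdict only takes effect if the proxy is configured to send the request to the ICAP service and to honour the response, which is the dependency the answer points out.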



  • 6.  RE: Difference between Network Monitor and Network Prevent technically

    Posted Aug 06, 2013 01:56 PM

    Thanks Tariq.