Monday, August 25, 2003

Oakley Networks Product Monitors for Inappropriate Insider Activity

Earlier I mentioned Vericept, whose product watched for the movement of sensitive data out of corporate networks. I recently learned of Oakley Networks, whose IO-3 product appears to do something similar. Rather than watching for suspicious inbound activity, typically caused by intrusion attempts, this product watches for leaks of data defined by the administrator. Of course, the product only gets interesting if we know it doesn't "grep for strings." We could program Snort or ngrep to do that!