SentryWire Use Cases

User Anomalous Behavior - identify employees using unapproved applications or using applications in ways that violate policies by correlating metadata about users, files, and sessions with real-time threat information, and use the correlations to provide situational awareness and alerts.

Data Exfiltration - log exfiltrated files with 5-Tuple indexing and hash info for comparing data, taking action, and retrieving packets for forensics.

Network Access Control (NAC) Analysis - receive real-time alerts of unauthorized network connectivity through 5-Tuple indexing and logging, allowing the end-user to compare the data to a known list of approved network access points.

Malware Infiltration Detection - detect, classify and extract objects (files, URLs, IP addresses, etc.) in real-time to inspect and take appropriate actions to enrich cyber investigations and generate alerts.

Network Behavior Anomaly Detection (NBAD) - detect deviations from normal network traffic behavior and correlate them to a 5-Tuple index for root cause review.

Various Forensic Traffic Analysis Applications - analyze captured data for suspicious traffic (such as non-DNS traffic over port 53, encrypted traffic over port 80, etc.) and alert the user to what they deem suspicious user behavior.