SentryWire - Use Cases
SentryWire's Next-Gen Platform provides immense network throughput, limitless packet capture timelines, fast access to vast amounts of data, flexibility to use any analytics tools available and visibility into your entire enterprise. These innovative features make SentryWire the perfect platform for the following use cases.
SentryWire Use Cases
User Anomalous Behavior - identify employees using unapproved applications or using applications in ways that violate policy, correlating metadata about users, files, and sessions with real-time threat information, and using the correlations to provide situational awareness and alerts.
Data Exfiltration - log exfiltrated files with 5-Tuple indexing and hash info for comparing data, taking action, and retrieving packets for forensics.
Network Access Control (NAC) Analysis - receive real-time alerts of unauthorized network connectivity through 5-Tuple indexing and logging, allowing the end user to compare the data against a known list of approved network access points.
Malware Infiltration Detection - detect, classify and extract objects (files, URLs, IP addresses, etc.) in real-time to inspect and take appropriate actions to enrich cyber investigations and generate alerts.
Network Behavior Anomaly Detection (NBAD) - detect anomalies from normal network traffic behavior and correlate to a 5-Tuple index for root cause review.
Various Forensic Traffic Analysis Applications - analyze captured data for suspicious traffic (such as non-DNS traffic over port 53, encrypted traffic over port 80, etc.) and alert the user to traffic they deem suspicious.
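To show what the 5-Tuple indexing and port/protocol mismatch checks above look like in practice, here is an added illustration (not SentryWire code): it indexes constructed packet records by 5-tuple and flags payloads on port 53 that lack a plausible DNS header or payloads on port 80 that begin with a TLS record header. The packet records and heuristics are assumptions for the example, not the product's format.

```python
import struct
from collections import defaultdict

# Constructed sample packets, not real captures:
# (src_ip, dst_ip, proto, src_port, dst_port, first_payload_bytes)
SAMPLE_PACKETS = [
    ("10.0.0.5", "192.0.2.53", "udp", 51000, 53,
     b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"),
    ("10.0.0.7", "203.0.113.9", "udp", 51001, 53, b"GET /cmd HTTP/1.1\r\n"),
    ("10.0.0.8", "203.0.113.10", "tcp", 51002, 80, b"\x16\x03\x01\x02\x00\x01\x00\x01"),
    ("10.0.0.9", "198.51.100.4", "tcp", 51003, 80, b"GET / HTTP/1.1\r\nHost: a\r\n\r\n"),
]

def five_tuple(pkt):
    """Index key: (src_ip, dst_ip, proto, src_port, dst_port)."""
    return pkt[:5]

def build_index(packets):
    """Map each 5-tuple to the packet offsets belonging to it, so a hit can be pulled back for forensics."""
    index = defaultdict(list)
    for offset, pkt in enumerate(packets):
        index[five_tuple(pkt)].append(offset)
    return index

def looks_like_dns(payload):
    """Sanity-check the 12-byte DNS header: standard query opcode and a plausible question count."""
    if len(payload) < 12:
        return False
    _, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", payload[:12])
    return (flags >> 11) & 0xF == 0 and 1 <= qdcount <= 16

def looks_like_tls(payload):
    """TLS record header: content type 0x16 (handshake), major version 0x03, minor 0x00-0x04."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04

def flag_suspicious(packets):
    """Return (five_tuple, reason) for traffic that does not match the protocol expected on its port."""
    findings = []
    for pkt in packets:
        key, payload = five_tuple(pkt), pkt[5]
        dst_port = key[4]
        if dst_port == 53 and not looks_like_dns(payload):
            findings.append((key, "non-DNS payload on port 53"))
        elif dst_port == 80 and looks_like_tls(payload):
            findings.append((key, "TLS handshake on port 80"))
    return findings
```

A finding's 5-tuple is the key into `build_index`, which is how the matching packets would be retrieved for review.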