Application Data Monitor

A Powerful and Affordable Solution to Fraud and Data Loss

NitroView Application Data Monitor (ADM) is the first and only product of its kind: a simple and easy-to-use appliance that takes security and compliance beyond the limits of log management, monitoring all the way to the application layer and providing full inspection of application contents for the deepest possible visibility into how your network is being used.

Threat activity is evolving, moving further "up the stack" to the application layer. At the same time, compliance requirements are demanding that all access to sensitive data be fully monitored, logged and audited. Unlike application log management, which provides only a surface view of how applications are being used, NitroView ADM looks directly into the application data: examining the underlying protocols, analyzing the full application session, and decoding the application contents.

 


NitroView ADM's full visibility into the contents of application and protocol traffic directly supports your compliance efforts by tracking all use of sensitive data on the network, while at the same time enabling a new level of threat detection, including the detection of:

  • Advanced application-layer threats
  • The unauthorized use or theft of confidential data
  • Attacks on or from security "blind spots"
  • The use of dangerous legacy code
  • The theft or misuse of user credentials
  • Sensitive data transmitted via any application
  • Broken business processes

Captures full session detail of all violations

NitroView ADM is more than application flow monitoring: it decodes the entire application session, all the way to layer 7.

Pre-built detection rules for common types of protected information (e.g., credit card and social security numbers)

Most compliance regulations dictate that we must monitor all access to and use of sensitive information, such as credit card numbers, social security numbers, and bank routing numbers. NitroView ADM will detect these sensitive data types, alert appropriate personnel, and log the transgression in order to maintain an audit trail.

Supports user-definable dictionaries and rules for customization

While NitroView ADM can detect many types of sensitive data out of the box, it also supports customizable dictionaries so that you can tell NitroView what's important to your organization.

Generates a complete audit trail of application events for compliance

When NitroView ADM detects a violation, all details of that application session are preserved—for use in incident response & forensics, or for compliance audit requirements.

Operates on a span port: no interference with application performance or latency

Many applications are sensitive to network performance, which is why NitroView ADM was designed to operate passively, with no risk to an application's operation, performance, or reliability.

Fully integrated with NitroView ESM

NitroView ADM is fully integrated with NitroView ESM, providing a central resource and interface for all monitoring and compliance needs, and enabling application contents to be used by event correlation and other advanced SIEM features.

It's common practice to imply that by monitoring network flows we can bring to light application awareness and define application usage within a network. This implication of application awareness is normally justified by classifying applications based on the well-known destination port information published by the Internet Assigned Numbers Authority (IANA).

However, by doing so we are assuming that all application flows are trusted and secure. In contrast, attacks are often "hidden" from firewalls and other defenses by masquerading as "legitimate" applications.

[Figure: OSI Model showing the difference between Application Flows and Application Contents]

Application content monitoring decodes an entire application session to Layer 7, providing a full analysis of everything from the underlying protocols, the integrity of the session itself, all the way up to the actual contents of the application (e.g., the text of an email or its attachments). This level of detail allows for accurate analysis of real application use, while also enabling you to enforce application use policies, and to detect malicious, covert traffic.

NitroView ADM's application content awareness supports a variety of use cases, including:

Compliance

  • Monitor and log application activity
  • Show application policy violations
  • Establish an audit trail for protected data usage
  • Establish an audit trail for application use
  • Establish an audit trail for user account activity and changes
  • Produce application-layer audits
  • Show top users of protected data

Threat Detection

  • Determine covert applications hidden in application traffic
  • Detect fraudulent account activity
  • Detect fraudulent data retrieval
  • Detect advanced threats and blended attacks
  • Detect data loss

Network and Security Operation

  • Analyze application performance
  • Determine open/in-use ports and services
  • Detect protected information in use by applications

For more detail on popular use cases, please visit our Use Cases page, or Contact Us to arrange a personal webinar, and see how NitroView can meet your individual requirements.