Feature Focus: Network Monitoring

08/09/2017 Insider Threat Data security Network monitoring

Complete visibility around your data means knowing what's happening with it, both on AND off your network. Remote workers, after-hours commitments, and changing practices all point towards increased threat around your data, either accidental or malicious. That's where our Network Monitoring capabilities can help.

The key question? Can your current Insider Threat tool tell you where your business-critical data is going … outside your network? ZoneFox can, tracking file uploads and downloads from a user’s endpoint to any network location, including other computers on the local network, computers across the internet and websites or services such as Google Drive. Smart, right?

Network Monitoring by ZoneFox brings total visibility to files that are uploaded and downloaded both within your network and to sites on the internet.


The new Networking Dashboard provides an overview of this data, allowing your team to easily view:

  • The amount of data that has been uploaded or downloaded by your organisation
  • Exactly where in the world your data is being uploaded to, or downloaded from, on our Data Flow Map. You can also view the quantity of data involved in this data flow for each country
  • The top locations, both geographically and by website, where data is uploaded to and downloaded from by your users
  • The users who upload and download the most

The data presented on the dashboard allows you to quickly spot any anomalies which could affect your security - whether this is data transfers to an unexpected country or a particular user who has uploaded an unusually large amount of data in a short period of time. But the real power of our Network Monitoring feature comes from its full integration with our search capabilities.

Whilst the dashboard provides you with an overview of network activity, as soon as you start to add search terms, you can filter down through the data to the events most relevant to your investigation.

Utilising the search capability, you can search for events using any combination of our five factors:

  • The user who performed the network activity
  • The machine that the file was uploaded from or downloaded to
  • The application which was used for the transfer
  • The file which was uploaded or downloaded
  • The direction of the transfer - are you looking for file uploads, file downloads or both?

Network Monitoring also provides an additional selection of factors that enable you to search and filter the most relevant events. For network events, you can also search by:

  • Source and destination IP addresses, as well as port numbers, making it easy to craft very specific searches about where your data has gone
  • The network protocol used for the transfer, either UDP, TCP or both
  • The resolved hostname of a destination for a file upload - making it easy to view all uploads to a specific service, like AWS
  • Geographic information, like the country and city data has been uploaded to or downloaded from
  • The filetype of the data involved in the transfer

The Network Monitoring capability is fully integrated with the rest of ZoneFox, so you can create rules that will alert you whenever data is uploaded to a specific country, when a user downloads a file from a specific website or when a specific file type is transferred using a specific application. All of the factors that you can search on can be combined to create targeted searches or complex rules.

To learn more about how ZoneFox supports your security ecosystem, providing insights that you might currently be missing, we can talk you through a super-quick 20-minute online demo so you can see for yourself!
