Flow data represents proprietary but open protocols developed by network device manufacturers and built into routers and switch interfaces to collect and measure IP traffic information. In conjunction with Securify's unique identity-based monitoring abilities, this network flow data provides a scalable, relatively cost effective way to gain broad visibility across network usage for operational, security and compliance requirements. The most commonly used types of flow data are Cisco's NetFlow and Juniper's J-Flow. Flow data typically captures the source and destination IP address and port; the type of protocol the traffic uses; the type of service being provided and the logical interfaces for the flow. While utilizing flow data does require some minor device configuration, it does not typically adversely impact network performance.

Securify collects and analyzes flow data, including NetFlow and J-Flow and enhances it with our unique identity capabilities. Companies that utilize Securify's identity-based discovery and control views gain a real-time, true picture of actual usage and context across the entire network including 'who, what, when, where and what'. Unlike traditional flow collection and behavior tools, Securify does not require a learned baseline. Specifically, Securify offers:

• A True, Identity-driven solution which delivers a real-time business usage view of "who is doing what and where" from the instant each user logs on. Securify natively integrates with existing directory stores and dynamically imports directory groups, user-to-group associations, and defined business systems. This in turn delivers full user-activity oriented discovery, delivers real-time controls and enables in depth queries and real-time user 'watch lists'.
• An Identity-based Discovery view of business usage that is automatic and continuous. Discovery correlates all activity to a user, across all users (and groups). Our Discovery capabilities require no integration, no baselines, and no pre-determination of what should be happening. Securify customers typically use our intuitive Discovery view to gain immediate knowledge of business unit and application activity, and to shortcut many inaccurate and manual processes such as surveys and log analysis.
• Identity-based Control, with mitigation when required: Securify delivers optional automatic verification of usage against any business policies or security practices. Typically the usage found using our Discovery capabilities can be leveraged to verify and create explicit, positive, role-based controls for user access and behavior. When required, Securify also delivers cost effective mitigation capabilities, implemented via real-time email alerts, or enforcement signaled back to the network infrastructure.

Typical Use Cases for Leveraging Securify and Flow Data

Streamline Audit and Compliance

Securify leverages flow data to help meet compliance and audit requirements by:

• Monitoring for verification and compliance
  • Verifying actual access by users, groups, roles to ensure effectiveness of access controls to critical business systems
  • Simplifying compliance monitoring and reporting
  • Improving audit posture: detect unauthenticated users, unapproved applications, and user or privilege deprovisioning on non-integrated commercial applications
  • Verifying access of privileged users with broad rights (e.g. outsourced IT staff)
    • Provide better proof for auditors (e.g. access verification, configuration management)

By leveraging both flow data and its unique identity-based information, Securify provides continuous, real-time visibility through monitoring 'who, what, and where' in order to prevent insider risk. Specifically, Securify helps:

• Deploy real-time user-based 'watch lists' for monitoring of high-risk users, and to gain alerts on misuse, such as leap-frogging and unauthorized sub-outsourcing, custom to the specific business environment
• Detect anomalous, insecure and malicious behaviors for outsourcer and privileged users in real-time
• Detect pre-cursor activity such as network scans, service probe, failed logins and worm propagation
• Detect 'exceeded thresholds' including excessive data transfer (by bandwidth for example)etc.
• Provide network context to detect unauthorized sources and bypass of access systems
• Deploy policy by location through our unique security zones
• Correlate different types of events and repetitions of events over time
• Verify L3 security policies (to help deploy/maintain firewall, intrusion detection, intrusion prevention)

For Network Operations Teams, Securify utilizes flow data to provide a unified view across users, applications and assets to reduce reactive workload issues by:

• Speeding diagnosis and troubleshooting time for level 2 issues
  • Reduce reliance on log analysis to pinpoint issues
• Knowing which exact users and groups will be impacted during problem resolution
• Quickly showing which users are consuming bandwidth with what applications
• Instantly knowing when misconfigurations are impacting network performance
• Providing a real-time user-based watch list to pro-actively prevent usage issues
  • Alerting in real-time when users exceed usage thresholds
• Leveraging the existing infrastructure, including flow-based data, to aid in issue resolution
• Optimizing network planning by understanding, in real-time, which users and groups are actually using each system, how they are using it and when