User Activity Management

By: Packetmotion  09-12-2011
Keywords: Activity Monitoring

PacketMotion’s User Activity Management (UAM) system captures and saves detailed user transactions across the enterprise, correlating those transactions with identity management systems, indexing the data for quick access, and applying comprehensive reporting and proactive rules to the transaction data.

Built on a robust yet easy-to-use rule engine, PacketMotion’s UAM system enables organizations to “blacklist” or “whitelist” specific user behaviors, create alerts based on access levels and known or anticipated behaviors, and block user actions that are identified as being suspicious or out of the norm. PacketMotion provides visibility of detailed user actions at the edge of your network for transactions both inside and outside the network.

What Does the PacketMotion UAM System Do?

With PacketMotion’s UAM solution, the information on user activities is formatted as User Activity Records describing the user and what the user did. This information takes the form of:

  • File names and folder names
  • Database names, table names, and queries
  • Internet chat and Instant Messenger names
  • Login attempts, both successful and unsuccessful
  • Transaction data from applications and protocols used in the enterprise

Our UAM system can then identify each User Activity Record, or “transaction” tied to each user, giving you complete transparency. Transaction records in the PacketMotion UAM system are full-text-indexed and made searchable with Google-like search functions – allowing the history of all user actions in an enterprise to be recorded and monitored, for the first time.

PacketMotion stores transactions in a SQL relational database, and an integral reporting engine makes it easy to predefine reports on security, compliance, and network performance. PacketMotion’s UAM system even blocks unpermitted actions in real-time, by implementing connection resets to the offending user.

The Benefits of UAM

PacketMotion’s UAM solution spans both traditional and virtualized environments, providing the same level of granular user activity data. UAM provides a new level of visibility and control to virtual clusters for user-to-VM and VM-to-VM communications involving sensitive data that is not transmitted over a traditional network. UAM provides fundamental benefits in the following use cases:

Database Activity Monitoring – The UAM solution meets stringent audit and industry compliance reporting requirements (SOX, PCI DSS, HIPAA, etc.) and deters fraudulent activity by providing visibility and secure control into identity-based user activity and database responses.

File Shares – PacketMotion’s UAM solution provides activity-based monitoring of File Shares (Windows, NetApp, SharePoint, etc.) and provides granular controls that limit access and prevent fraudulent behavior.

Virtual Segmentation – PacketMotion replaces traditional port-based and IP-addressed firewalls and has the benefit of providing a granular audit trail of user activity, which satisfies compliance reporting requirements.

High Risk User Management – PacketMotion provides the foundation for actively managing superusers’ and high-risk users’ access to sensitive data and monitors access control integrity with Active Directory. PacketMotion’s UAM solution also monitors and controls the activity of domain and application accounts to prevent unauthorized access and fraudulent activity.

Why UAM?

PacketMotion UAM’s ability to provide detailed insider behavior across the enterprise delivers immediate benefits which are responsible for generating a compelling ROI. Some of these benefits include:

  • Dramatic reduction in compliance reporting costs
  • Automation of security controls and reports
  • Rapid investigation of past behavior of a user or rogue user actions
  • Detection and remediation of improper or suspicious insider activity

Other products and services from Packetmotion


High Risk Users

Privileged Users – IT Administrators, third-party consultants, external support teams and managed service providers are granted very broad access to IT systems, including critical infrastructure and sensitive data repositories. PacketSentry’s architecture is based on network-based deep packet inspection and identity correlation at the Active Directory domain, database, and application levels.


File Share Activity Monitoring

Unlike other solutions on the market, PacketSentry accomplishes these tasks without the use of agents or in-line appliances, allowing you to integrate PacketSentry into your network in a matter of hours, without the possibility of affecting production data or taxing system resources.


Database Activity Monitoring

Stringent compliance reporting requirements from an array of mandates such as SOX, PCI DSS, ISO2700x and HIPAA/HITECH require comprehensive database monitoring solutions, and strong access controls to combat fraudulent activities. PacketSentry provides a granular identity-based audit trail of all database activity – down to specific instances, tables and queries – without agents or heavy logging.