Monday, July 26, 2010

Checking out PacketMotion

PacketMotion came by my office in Stow last week, leading to a lively discussion on the direction of network security. The company, founded in 2004 with its flagship PacketSentry product at version 4.0, has been around too long for Early Vibe status in this blog. However, PacketMotion is embracing a few unique ideas that may give security teams the flexibility they need to meet corporate functionality and cost-of-ownership requirements.

Corporate networks are dynamic as IT gains flexibility with wireless access, virtualizes applications and desktops, and increasingly relies upon browser-based cloud applications to support the business. This trend changes access paths between users and applications, and challenges security that is based on static addresses.

User Activity orientation allows IT to focus on securing business policies of users and applications. PacketSentry integrates with Active Directory to monitor user traffic to applications, with the option of killing non-compliant connections. Security policies are less dependent on the network infrastructure and are more easily mapped to business requirements.

Virtual Segmentation features provide virtual partitioning of resources for PCI compliance by automatically monitoring user activity to regulated applications and data repositories and enforcing policy on that activity. That is, rather than deploying internal firewalls and replicating security mechanisms in the network, PacketMotion’s virtual segmentation helps ensure that users and programs do not step out of bounds and access unauthorized business resources.

Automate compliance reporting with significant cost savings. Compliance mandates are designed to ensure the security of a business process and confidential data. Traditionally this has been done in a bottom-up manner, starting with individual security products and then aggregating and correlating results into an overall business view. PacketMotion’s top-down approach, reporting user and application activity across a broad range of protocols, saves IT a lot of pain and can significantly reduce the burden of compliance reporting.

PacketMotion does a lot of things. In fact, one of their larger challenges is defining a strong position in the marketplace that also addresses priorities in security budgets. Since PacketSentry is a network appliance in the datacenter that looks at and records activity, there will be pressure to place the company into a SIEM bucket (because it records activity), an NBAD bucket (because it can detect and terminate unauthorized behavior), or an automated GRC bucket (because it automates compliance). The company has good leadership and will find its way, but for now its differentiators are worth examining by forward-thinking security teams.