GDPR – Choosing NetFort to help meet requirements
The General Data Protection Regulation (GDPR) (2016/679) was initially published by the European Commission in January 2012. Following a two-year implementation period, it comes into force across the European Union on 25 May 2018. It will replace the existing Data Protection Directive 95/46/EC.
GDPR – Key points
- When an organisation becomes aware of a personal data breach, the supervisory authority of the member state must be notified within 72 hours. If notification is not made within 72 hours, the controller must provide a “reasoned justification” for the delay.
- Rights to access of data, portability of data and erasure of data
- Data protection principles. Personal data must be processed in a secure manner using appropriate technical or organisational measures
- Accountability and monitoring: organisations must be able to demonstrate control and compliance
- Fines for non-compliance: up to 4% of annual worldwide revenue or 20 million euro, whichever is the larger.
Article 32 specifically compels companies to look at existing best practices. One very practical and detailed source is the CIS Critical Security Controls for Effective Cyber Defence. CSC 1, Inventory of Authorized and Unauthorized Devices, requires ‘passive tools that identify hosts based on analyzing their traffic should be employed’.
NetFort LANGuardian is a network traffic and security monitoring solution. Because LANGuardian continuously monitors internal and external activity, focusing on users (by IP address, MAC address or Active Directory user name), applications and shared data, it naturally addresses a number of critical requirements. It is both a real-time and a historical solution: every device, user and application on the network leaves a traffic trail, and LANGuardian continuously analyses this trail, extracting and retaining granular detail for long periods, which can be used to help demonstrate compliance.
LANGuardian extracts application-specific information on every internal and external transaction and also builds up an inventory of devices, including servers, on the network. It presents real-time dashboards to ensure you always know what is actually happening across your network and stores this granular metadata, or audit trail, in its built-in database. As a result, it is a valuable tool to assist with GDPR and answers the following basic requirements:
- Shared Data – Windows and UNIX shares, SQL databases
- Who is accessing internal files and folders? When? What actions are they performing?
- Who is accessing SQL server databases? What queries are they running?
- Who is trying to access folders/files they do not have access to?
- Who is copying large amounts of data, deleting folders, renaming huge numbers of files very quickly?
- What devices are actually on the network, including servers, clients, mobile devices and WAPs?
- Alert me when a new device appears on the network.
- What applications are in use? Who is using them? Alert me if an application not on my whitelist is detected.
- Intrusion Detection
- Who is trying to steal my data?
- Who or what is acting suspiciously on my LAN?
- Alert me in the event of suspicious file share activity, e.g. a ransomware attack.
- Who communicated with an external machine without doing a DNS lookup?
- Incident Response, Forensics
- Who got infected first? Which other machines did they talk to?
- Who is trying to access a known bad blocked malware site that shows they are infected?
- Who accessed the customer folder before it was leaked?
- Continuous Monitoring
- Faster, earlier detection and response before a breach happens
- Account for activity
- Ensure appropriate usage and efficient use of valuable resources
- Ensure Internal visibility – the cornerstone of network security
LANGuardian can help with all of the above and, as a result, help deliver many of the requirements of the GDPR act, with a key focus on several specific areas including Articles 22, 24, 31, 32 and 33.
Also, as it does not require any agents, clients or logs, it is very easy to implement and use, and is suitable for organisations of all sizes with users of various skill levels.
Companies are required to implement reasonable data protection measures to prevent leakage of personal data. (Articles 22 and 30).
LANGuardian provides both real-time and historical visibility of all file sharing and data movements on the LAN and WAN. LANGuardian security features detect and alert on insider threats, lateral movement and suspicious activity, including ransomware attacks.
There are specific rules for data breach notifications, including requirements on the time allowed to report breaches and on being able to report specific details of any breach (Articles 32 and 33).
LANGuardian maintains a record of all device and user activity very cost-effectively in its database. It extracts granular metadata on all activity from network traffic, generates alerts and stores the metadata in its database. The stored data can be searched for any time period by IP address, user name, file name or domain. Storage of historical network events and comprehensive analytical capabilities make LANGuardian the ideal solution for your GDPR incident response and network forensics requirements. When you need to investigate an incident or respond to a request for information on data or files, LANGuardian is the single reference point for all the detail you need.
Companies are required to do Data Protection Impact Assessments (to understand the risks of a breach). This includes knowing what data is where. (Articles 33 and 33a).
LANGuardian's key strength is monitoring data ‘access patterns’ and continuously reporting on inventory and servers, including internal file shares and databases, showing who is accessing them and what they are doing. Every device and server on the network leaves a traffic trail. LANGuardian captures and analyses this trail to ensure you always have an accurate, up-to-date picture of data movements on your network with minimum implementation costs.
Recording activity and events for audits, forensics and investigations. This includes long-term retention, easy access and search. (Article 24).
LANGuardian maintains a historical record of all user and device activity using network traffic analysis. It also includes an application recognition engine that recognises over 1000 applications and can be customised to recognise proprietary applications. LANGuardian does NOT retain every single packet; instead it retains application-specific metadata and detail on every transaction (including every file access and SQL query). This results in a huge data reduction, 400:1 over full packet capture, and a very cost-effective long-life database. The data and context are an ideal audit trail of all access to data on servers and databases.
‘A security strategy that incorporates vigilant and detailed insight into the network makes a huge difference. LANGuardian makes this difference a reality.’
Shawn, IT analyst, Oil and Gas processor
Contact our support team to learn how the LANGuardian can help you address your GDPR requirements.