Profile: Academic organization with over 14,000 network users
Problem: Dramatic peak in bandwidth consumption in a 24-hour period
NetFort LANGuardian Solution: The level of visibility into network and user activity provided by the LANGuardian immediately helped to detect the source of the problem by revealing a user, a set of filenames and a detailed view of traffic uploaded and downloaded. The detailed report on suspiciously high levels of P2P activity highlighted a long list of .torrent files that a particular user had downloaded over a 24-hour period.

Employee taking highly sensitive company data to new employer
Profile: Large International Insurance Company
Problem: LANGuardian dashboard alerts IT to sudden, unusual user behaviour on the network
NetFort LANGuardian Solution: This sudden, unusual user behaviour warranted further investigation. Using the LANGuardian's drill-down capabilities to determine the source of the issue, IT found that a number of highly sensitive documents had been moved from the network to a removable device attached to a specific network user's PC. It transpired that the user in question was leaving the company that day to take a job with a direct competitor and had tried to take highly confidential information with him.

Conficker Worm is not dead yet
Profile: Large Institution with over 25,000 Network Users
Problem: LANGuardian alerts IT Management to a number of failed login attempts from a remote site. Conficker worm found!
NetFort LANGuardian Solution: This institution has a number of remote sites operating through their core switch. The LANGuardian dashboard signalled an IDS Event Alert which indicated a number of failed logon attempts from a remote site. Further investigation revealed that this was the Conficker Worm at work. It was attempting to infiltrate other remote sites. LANGuardian provided IT with the agility to react rapidly. The port on the remote site was immediately blocked and further damage prevented.

LANGuardian alerts to spam attack where AntiVirus fails
Profile: Local Authority with 500 Network Users
Problem: LANGuardian dashboard alerts IT to a DNS MX Flood on one of the network ports. This type of alert usually indicates a system generating spam.
NetFort LANGuardian Solution: The LANGuardian alert enabled IT to react instantly to prevent any major incidents on their network by blocking off the port that the flood occurred on. Drilling down into the detail of the LANGuardian report showed that the traffic was associated with a specific IP address or user. Investigation into the details around the alert supplied by the report revealed that the user had clicked on a link contained in a suspicious email that had arrived in her inbox. AntiVirus software failed to detect any unusual activity, so LANGuardian's rapid detection of this problem enabled IT to react with agility and prevent a major incident on the network.

High volumes of unusual traffic patterns
Profile: Large Local Authority with remote sites
Problem: LANGuardian dashboard highlights a huge increase in activity on a Traffic Sensor
NetFort LANGuardian Solution: On examination of the LANGuardian traffic distribution report, a massive data transfer was detected between one main server and over 100 internal hosts over a specific port. This resembled activity for a scheduled back-up. However, this data transfer occurred outside of IT's scheduled back-up slot. IT were able to react quickly to this situation, which would have gone unnoticed without the help of the LANGuardian.