June 2, 2010 By Andy Opsahl
While most government agencies can track where their employees go on the Internet and what they access on the network, doing so before problems arise can be impractical.
To monitor internal network activity, a government IT department typically uses a protocol like NetFlow, a standard developed by Cisco Systems for making network data readable. Other standards exist as well.
NetFlow sends huge amounts of data to a server, which can be overwhelming to analyze without a way to sift it, according to Neal Gravatt, network report specialist for the Metropolitan Transit Authority of Harris County in Houston.
However, after spending $5,000 to install software called Scrutinizer from vendor Plixer International in November 2009, Gravatt was able to see instantly where Web traffic was heaviest on the agency's network. This was especially useful because heavy-traffic areas are usually where many security incidents happen. The software constantly records the activity of every government user so that when suspicious traffic is flagged, Gravatt can see a history of each user's activity.
In the past, Gravatt had to wait for someone to alert him to questionable traffic and then reactively deploy freeware that would track the user from that point forward. He couldn't install the freeware in advance because it collected superfluous data, which would have clogged the network. The new software, by contrast, collects only the data he needs to investigate potential security breaches, making it less of a drain.