User Activity Monitoring. Find out what is happening on your network.
Here we have the usual suspects when it comes to user problems on networks. Do you recognize anyone?
If so, read on and learn how LANGuardian can finally show you what users are doing on your network without the need for agents or log files.
Typically LANGuardian is connected to a SPAN or mirror port and it uses deep packet inspection techniques to extract the user metadata from network packets.
This allows you to implement a user activity monitoring solution no matter what type of network device your users connect with.
“Seeing what the users are doing in multiple different areas is really what made us purchase. It gives us a lot more detail of our internal network.”
Country Casual, USA
In order to be fully effective, tools for user activity monitoring have to give complete network visibility. This may appear an obvious statement to network managers accustomed to monitoring user activity on a network, but the truth is many tools to monitor users on a network fail to capture the data required to discover what is really happening on a network.
Flow-based tools to monitor user activity only provide top-level data about traffic volumes, the origins of network packets and their destinations. They fail to recognize applications operating over multiple or non-standard ports, and those that piggyback other protocols at the network edge. Identifying HTTP traffic that originates from a CDN network is impossible.
Effective user activity monitoring is also impossible with agent-based software if your organization promotes a BYOD policy or provides a publicly-accessible WiFi network. In order to monitor user activity on a network in these circumstances it would be necessary to install software on each device that connects to the network. This is not only impractical, but in many states illegal.
Agent-based software for monitoring user activity on a network is also impractical if yours is a large organization or one with remote sites. The workload involved in installing and maintaining agents is significant and a drain on IT resources. The use of agent-based software to monitor user activity on a network is also unnecessary if you implement deep packet inspection (DPI) user activity monitoring.
Users interact with the network in many different ways during the average day. They visit websites, open and close files on file shares, send and receive email, interact with line-of-business applications and databases, download files from the Internet, upload photos and videos to sites such as Flickr and YouTube, perform online backups, and more.
These activities consume bandwidth and disk space and can sometimes – usually unintentionally – expose the network to intrusions, malware, ransomware, viruses, spambots, spybots, phishing attacks, and other security risks.
LANGuardian can monitor user activity by analysing network traffic. Typically LANGuardian is connected to a SPAN or mirror port and it uses deep packet inspection techniques to extract the user metadata from network packets. This technique is known as wire data analytics. User names are also shown through integration with Active Directory.
A web-based user interface provides access to the traffic data in the database. As it works on traffic data, there is no client software to install, no interaction with the devices on the network, and no impact on network performance. Finally you can now monitor user activity from one single console.
With LANGuardian it is easy to see all activity associated with a user. Customizable dashboards display user activity in real time, listing for example the top current users of bandwidth. To get more detail on how they are using up all the bandwidth, simply click on the total.
The user dashboard gives you a consolidated way to monitor user activity which helps to detect and investigate many different situations, including:
- Access to Windows file shares
- Transactions involving SQL Server databases
- Data leakage – files transferred outside the network
- Files downloaded from the Internet
- Use of specific ports and protocols
- Use of unauthorized applications and devices
- Use of a proxy server to gain access to prohibited websites
The user dashboard is also invaluable in a more general troubleshooting and monitoring context. For example, if you view a LANGuardian bandwidth usage report and notice that a user is consuming a disproportionately large amount of bandwidth, you can switch to the user dashboard and see a summary of that user’s network activity. From the user dashboard, you can drill down into details and identify the root cause of the user’s high bandwidth consumption. This is why LANGuardian is a really efficient way to monitor user activity.
You can use the search menu to find information on bandwidth troubleshooting, network forensics, file share activity or web activity. Alternatively, the user activity dashboard gives you a summary of all network activity from a user perspective. From these starting points, you can drill down to more details on each type of activity.
You can also use LANGuardian to investigate and report on past activity by users as it stores historical traffic data. You can use this data for advanced forensic analysis, creating audit trails, and troubleshooting problems that manifest themselves over a long period of time. If you need to monitor user activity then LANGuardian is an ideal solution.
The most common ways customers monitor user activity are as follows:
- Find out who deleted a file on the network
- Report on all applications associated with a user
- Find out what website a user was accessing
- Report on what users accessed a file or folder
- Find out who the top users of bandwidth are
- Locate users responsible for bringing malware into networks
- Track what users are responsible for copyright infringements
- Show what users are copying the most data to and from a server
How DPI User Activity Monitoring Works
DPI user activity monitoring works by extracting metadata from the headers and payloads of network packets. The raw metadata is converted into a comprehensible format using wire data analytics and then delivered to a central management portal where it can be viewed in real-time. The metadata is also stored in a separate database so historical forensics can be conducted to identify trends.
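The difference between labelling traffic by port, which is all a flow record allows, and recognising it from payload content can be shown in a few lines. The following is an added illustration, not LANGuardian code; the function names, the port table and the sample records are all constructed for this example.

```python
# Added illustration: port-based labelling vs. content-based recognition
# with metadata extraction. Not vendor code; all sample data is constructed.
PORT_LABELS = {80: "http", 443: "tls", 445: "smb", 1433: "mssql"}

def classify_by_port(dst_port):
    """What a flow record alone supports: a guess from the destination port."""
    return PORT_LABELS.get(dst_port, "unknown")

def classify_by_content(payload):
    """Recognise the protocol from the first payload bytes, ignoring the port."""
    # SMB2 over TCP: 4-byte session header (first byte 0x00), then 0xFE 'SMB'
    if payload[:1] == b"\x00" and payload[4:8] == b"\xfeSMB":
        return "smb"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    # HTTP/1.x request line: METHOD SP URI SP HTTP/1.x
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"

def extract_http_metadata(payload):
    """Return method, URI and Host of an HTTP/1.x request, or None if not HTTP."""
    if classify_by_content(payload) != "http":
        return None
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method, uri, _version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "host": headers.get("host")}

# Constructed samples: (client IP, destination port, first payload bytes)
SAMPLES = [
    ("10.0.0.21", 8081,
     b"GET /files/report.pdf HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("10.0.0.34", 80, b"\x16\x03\x01\x00\x05hello"),
    ("10.0.0.50", 445, b"\x00\x00\x00\x40\xfeSMB" + b"\x00" * 60),
]

def compare(samples):
    """Return (client, port_label, content_label, http_metadata) per sample."""
    return [(ip, classify_by_port(port), classify_by_content(data),
             extract_http_metadata(data)) for ip, port, data in samples]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

The first sample is HTTP on a non-standard port that the port table cannot label, and the second is TLS on port 80 that the port table labels wrongly; only the payload check gets both right.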
The central management portal provides network managers a single-screen view of network and user activity in context. Network managers can select any activity from the contextual view (user activity, application activity, web activity, etc.) and drill down into the metadata in order to monitor user activity in the minutest detail and identify potential problems before they happen.
With this deep level of visibility, network managers can identify who, when and how file shares and SQL databases have been accessed. User abuse and insider theft can be prevented, the risk of an accidental data disclosure can be mitigated, and network threats originating from devices wirelessly connected to the network can be eliminated.
With DPI user activity monitoring, network managers do not necessarily have to be sat in front of a computer screen to monitor user activity. Reports can be scheduled by username, user group, IP address, subnet, file name or web address, and the network user monitoring tool configured to alert network managers to specific network events.
The Benefits of DPI for Monitoring User Activity on a Network
The benefits of DPI for monitoring user activity on a network go well beyond preventing user abuse and insider theft. Implementing a network user monitor with DPI can help increase productivity by enabling managers to enforce acceptable use policies. Network user monitoring can also help improve network performance, protect against intrusion, and assist organizations with their compliance requirements.
Monitoring user activity on a network with DPI helps improve network performance by bringing bottlenecks, bandwidth issues and unused resources to the attention of network managers. A tool to monitor users on a network with DPI capabilities can also identify anomalies in network traffic – both within the network and on the network edge – to alert network managers to potential intrusions.
The ability to monitor user activity and conduct risk assessments with tools for network user monitoring contributes towards an organization's compliance with industry regulations for the security and integrity of data. Reports can also be configured to provide audit trails of specific user or network activity to demonstrate compliance to inspectors within regulated industries.
A further benefit is that a DPI-based network user monitor achieves visibility over an entire network in organizations that promote BYOD policies or provide publicly-accessible WiFi networks. Due to the ease with which sensors can be deployed to extract raw data at remote sites, DPI-based network user monitors are also a practical solution for organizations with multiple or remote sites.
Monitor Users on a Network with LANGuardian
LANGuardian is an agent-free tool for monitoring user activity on a network that uses DPI and content-based application recognition to deliver total visibility. Easy to download and deploy on VMware, HyperV and standard server hardware, LANGuardian connects to the network via the core switch and a mirror port to provide continuous network user monitoring.
LANGuardian lets network managers know what is really happening on their networks without interacting with other devices and therefore with no loss of network performance. Its versatile search, alert and report mechanisms enable network managers to identify the root causes of network issues – consequently enhancing the performance and management of the network.
If you are struggling to capture the data you need to discover what is really happening on your network, we invite you to take advantage of a free trial of LANGuardian. Download your free trial now or contact us to find out how you can monitor user activity on a network and evaluate LANGuardian in your own environment free of charge for the next thirty days.