NetFort LANGuardian is a network traffic and security monitoring solution.

In this GDPR compliance partnership case study, you will discover how NetFort helped a Danish management software reseller achieve compliance with GDPR Articles 32, 33 and 34 in multiple projects.

Meet Draware, a Danish management software reseller

Draware A/S is a Nordic distributor and reseller of management software.

Their three business focuses are (Network) Monitoring, IT security, and ServiceDesk, and their customers are primarily medium-sized and enterprise companies as well as public organisations and government agencies in the Nordic area.

Their full-service cycle and product portfolio have made them the preferred reseller of management solutions with more than 50% of the Danish C20 index companies (the index of the nation's most transacted shares) and a majority of the Danish municipalities as well as a number of enterprise companies in Denmark and in the Nordic countries.

Christian Schmidt, CEO and Owner

Christian is the CEO and Owner of Draware.

He was also a CEO of MicroGrafx Nordic and iGrafx Nordic from 1995 to 2001, making him a veteran of the software industry.



GDPR compliance is like trying to solve a complex jigsaw puzzle.

No one software application can achieve GDPR compliance on its own.

NetFort, however, is the best solution in the market to help achieve compliance to GDPR articles 32 to 34.


The initial problem

With GDPR around the corner, many companies are trying to ensure compliance, not knowing where to start.

They turn to companies like Draware, who help them audit their risk and start their compliance project, around 4 pillars: 

  • Alerting
  • Reporting & Audit Trail
  • Traceability
  • Accountability

GDPR compliance is a tough challenge, especially for companies not accustomed to compliance issues.

Many companies have already had to deal with many other compliance standards, like HIPAA or CSC20, but GDPR is on another level.

While there is no one-stop-shop for GDPR compliance, the puzzle can be solved using several pieces that integrate well together.

NetFort’s LANGuardian is the ultimate network activity monitoring tool, and we’re going to show you how it can help you comply with Articles 32 to 34 of the GDPR, which revolve around monitoring:

  • Network events
  • User accesses to files and databases
  • Data breaches

Companies also need to be able to report on unlikely breaches to the authorities.


GDPR Partnership Case Study – Step 1: Alerting

Until 2018, most companies weren’t monitoring network traffic at all.

This is going to change since GDPR requires close, real-time monitoring, a key function of LANGuardian.


Let’s say you want to know how many SQL servers are on your network, or how many users are connected to a certain application.

You can scan manually every day and check that nothing funky is going on, but it’s a lot of hard work (and time), and nothing ensures that you won’t miss something important.

GDPR compliance requires attention to detail, which is why continuous monitoring of traffic is key. It ensures that any change, e.g. a new device on your network, is picked up.

By using LANGuardian’s monitoring and alerting features, Christian was able to provide his clients with real-time network analysis.

Every device and user on the network leaves a traffic trail. Using this trail and passive, continuous traffic analysis, LANGuardian will generate an inventory of all servers and applications on your network.

Then, once it discovers a new SQL server on the network, it will automatically create an alert and let you know.

This ensures that nothing happens on your network without you knowing, which is the first step to GDPR compliance.

It helps you:

  • Avoid Data Breaches
  • Avoid network intrusions
  • Minimize the attack surface
  • Etc.

Discover How NetFort Can Help with GDPR Compliance

NetFort LANGuardian can help you comply with GDPR around 4 pillars:
  • Alerting
  • Reporting & Audit Trail
  • Traceability
  • Accountability

Step 2: Reporting & Audit Trail

One of the main GDPR requirements is to be able to report on everything that happened on the network in the event of a data breach.

That’s what LANGuardian provides.


Let’s stick with our SQL servers example.

Every month, LANGuardian will send the designated employee a list of current SQL servers to approve.

And every time that employee approves the list, the software keeps a trail.

This creates a record of how many servers were on the network at a given time, and gives you the ability to go back in time to see what changed and when.

Alerting and reporting are the 2 most crucial aspects of GDPR compliance.

You can’t stop at “I think there are x servers on my network” – you need to know.

LANGuardian keeps this audit trail for long periods of time, very cost-effectively and with minimum storage requirements, allowing you to show what you’ve been doing for compliance and have all the data required at your fingertips for investigations, forensics and reporting.

This is a very important factor for compliance, as we’ll see later.


Step 3: Traceability

GDPR leaves very little room for companies, especially in the event of data breaches.

Fortunately, there are ways for you to track everything that happens on the network and go back in time.


Let’s take a straightforward example.

Say you’re in possession of sensitive data. It can be personal data or another type of sensitive data.

In order to keep working from home, you or one of your employees copies the data into an Excel spreadsheet, then onto a USB stick, and proceeds to lose it on public transport.

If the USB stick is not encrypted, you’ve got a data breach, and GDPR article xx stipulates that you need to report on when the event occurred, and exactly what data was compromised.

What you need is a time-travel machine, and that’s exactly what LANGuardian is: it provides traceability.

In this case, you’d be able to know:

  • The name of the file
  • When it was copied
  • Who copied it
  • What device it was copied to

This traceability applies to everything that happens on the network, on every device.

This is the key part of GDPR – rapid forensics, instant access to all the data you need to answer any queries, demonstrate compliance and support any investigations.

Key GDPR concept: Accountability

A key aspect of GDPR is data security.

Companies need to be able to demonstrate that they’ve done enough to protect personal data and in the event of a breach or notification, have an ‘audit trail’ to go back on in order to investigate and report.


Every company that falls under the GDPR requirements then needs to put a system in place allowing it to:

  • Keep track of the actions taken for compliance
  • List, detail and report on such actions
  • Alert on unusual network activity
  • Whitelist and blacklist certain servers/devices/etc.
  • In the event of a data breach, report on the breach with the exact details
  • In the event of a breach, show that it won’t happen again

At the end of the day, it’s about making sure that you’ve done enough, and that you’re able to show it.

This type of thing already existed with other standards, such as CIS/CSC 20, which is often used as a guideline for GDPR compliance, but there was no means to enforce the standards.

Very significant fines come with non-compliance to GDPR, so companies have to be ready sooner rather than later.

Get your GDPR Compliance right

Ask for a demo to see how NetFort can help you comply!

NetFort’s flagship tool, LANGuardian, allows you to monitor, track and store everything that happens on your network.

Simply put, it’s the #1 Network Security compliance solution.