Gigamon U - You Will See, Content Monitoring, Alerting, and Forensic Analysis

Post on 23-Jan-2015

description

Reconnex is the leader in information monitoring and protection appliances designed for any organization, including enterprises, government agencies or education institutions that want to protect their brands, maintain compliance, or protect sensitive information. A privately-held company based in Silicon Valley, Calif., Reconnex protects information for companies such as Cadence, WebEx Communications, The George Washington University, SIRVA and Maimonides Medical Center.

Transcript of Gigamon U - You Will See, Content Monitoring, Alerting, and Forensic Analysis

05/02/06 Reconnex Confidential

Ratinder Paul Singh Ahuja, Ph.D
C.O.O & C.T.O

The Reconnex iGuard

Reconnex performs content monitoring, alerting, and forensic analysis

Corporate Governance
• Workplace Safety
• Appropriate Use of Corporate Resources

Critical Information Security
• “Insider” Threats
• Forensics
• Social Engineering

Competitive Advantage
• IP theft
• Defensibility of Trade Secrets
• Competitive Intelligence

Compliance
• SOX
• GLBA
• HIPAA
• SB1386

Switch

Traditional Bottom Up Approach

Bits

Ports

Protocols

Communication

• Firewalls/antivirus

• Network intrusion detection/protection

• Network flow tools

• Limited session reconstruction

The Bottom Up View: Bytes, Ports and Protocols

More Bottom Up

New Approach: Top Down

Bits

Ports

Protocols

Communication

Objects, document & applications

WORD JPG GIF BMP TIFF C++

What Can You See? Over 150 content types

E-Mail Microsoft Excel

Confidential Documents

Proprietary Format

Microsoft PowerPoint

Schematics

Offshore Development

India Romania

Source code

The Reconnex iManager

Reconnex has the ONLY Solution That Addresses the Known and Unknown Threats

Register — Detect — Remediate — Report

Gigabit Ethernet

The Reconnex iGuard

Executive Team

Off-Shore

InfoSec/IT

Signature Match

Finance

Sales

Databases or Repositories

Integration Points
• SIM
• Storage
• AD/LDAP
• URL Filtering
• Web & Mail Proxies

The Reconnex iController

Rule Match

Switch or Tap

“Reconnex’s forensics capabilities are a key piece of my compliance policy.”

CONFIDENTIAL - All Rights Reserved. Reconnex Confidential

Reconnex Surveillance Types

• General Surveillance of all content, documents and communications

• Document/Date/Time/Size/Watermarks/Sender/Recipient…

• Targeted Surveillance, powered by Reconnex Document Registration

• Exact or Generic Phrases/Individuals…

• “A Unique Solution to the Problem of False Positives”

• Can be operated on an ad hoc or scheduled basis

What does Reconnex iGuard do?

• Captures, classifies and stores in real time all content going in or out of a network

• Alerts are generated for policy violations in real time

• Allows for forensic searches over captured content for issues that you may become aware of in the future

Gigabit network

RCPE

The Reconnex Difference

Network Traffic Rule Creator

Real-Time Alerts End User

Historical Content (RFS)

Content Summarization Look Up Table

Inbound capture(?)

Outbound capture

Forensic Investigator

Why don’t other products do this?

Historical Content (RFS)

Content Summarization Look Up Table

Forensic Investigator

!!Because it’s HARD!!

Easy to use Browser based access

Drill down to actual content

Moments of Revelation from “Top Down” Work with Reconnex

www.reconnex.net