Formerly Oakley Networks and now Raytheon Oakley Systems' core product offerings are SureView and CoreView, which offer policy-based insider threat detection, alerting, and forensics (archiving and analysis) capabilities to security enforcement teams.

The products seek primarily to identify mis-uses or leakage of corporate intellectual property--either accidentally or intentionally. SureView operates on the desktop level, utilizing individual software agents that monitor a user's actual desktop activities for suspicious behaviors based on policy definitions and report those activities to a central appliance; while CoreView is a hardware appliance that passively analyzes network traffic at the network perimeter and/or interdepartmentally, depending on the needs of the administrator.

SureView is a server/agent platform in which individual agents are loaded onto the end user machines and perform the actual monitoring of the user's activities based on administrator defined policies. Such monitoring capabilities include the ability to watch Web, Webmail, or E-mail communications, including the identification of encrypted mail transmissions (i.e., the agent can intercept and collect a message before it is encrypted); IM messages; the moving of files to external devices; collection of print jobs sent through a Windows printer spooler; keystroke logging; use of Office programs; and more. Information is collected and sent to a central server for further analysis (via a Web-based interface) by security personnel; such analysis can include the ability to visually replay the user's actual activities at the point the alarm was triggered. Agents continue to monitor user activities even if the host machine is disconnected from the network. Transmissions from the agent to the server are encrypted (SSL); and the server's DB itself is encrypted.

CoreView provides monitoring capabilities at the network communications level, either at the network perimeter or between key departments (or both). CoreView is a hardened Linux-based appliance with dual Xeon processors and multiple Gig interfaces (copper or optical networks supported). The appliance provides Layer 2 capture and Layer 3-5 and 7 packet analysis of traffic and payloads in both directions; again, searching for potentially unusual activity and/or the leakage of sensitive documents with real-time alerting features. The vendor states that the appliance supports all common file formats and all common protocols, and it retains a record of communications via RAID 5 storage (up to 1.6 GB).

New features in the latest SureView/CoreView release include:

- Text Collector functionality for SureView, with the ability to capture and examine displayed text from proprietary apps

- Enhanced agent health diagnostics (SureView)

- A Data import/export tool (SureView)

- Hardening of the SureView agent, to prevent tampering, removal, etc.

- Support for IMAP (CoreView)

- Archiving features (CoreView)

- Diagnostic reporting for network collector health, communication, and performance statistics

SureView and CoreView are available now. Contact Raytheon Oakley Systems for further information.