Let's say an unauthorized user is attempting to access a critical database in Finance.
CyberCop has been deployed on the network. Here is what happens.
The CyberCop Sensor protecting the Finance group instantly detects the attempt and begins
collecting key data: source and destination IP addresses, ports used, services accessed.
Via an encrypted link, it forwards these details to the CyberCop Management Server to be
added to a permanent event record. The Server immediately sends a page (email or SNMP traps
are also options) to the security administrator at home, complete with details of the
attack.
From the details on their alphanumeric pager, the administrator determines that someone
from an outside network is attempting to use password guessing to pry open a Financial
database server. The administrator accesses the CyberCop System remotely through a Web
browser that displays a detailed record of previous events and alarms in the CyberCop Event
Log.
By looking at the source address of the intruder, they see that several attacks have
originated from the same outside network. Now holding the information needed to take
immediate action, the administrator dials in and reconfigures a router to block access to
the network from the attacker’s address.
Next, a call goes out to the network manager of the ISP used by the intruder. The security
administrator reports that a hacker is using the ISP as a jumping-off point to launch
attacks and asks the ISP to stop the attacks. For proof, the administrator provides
the ISP with Sniffer® Network Analyzer trace files documenting the attacks on the Finance
server.
In the course of 10 minutes, CyberCop has identified an intrusion, issued an alarm and
provided attack details. It has also supplied an event log and enabled the security
administrator to take immediate action to protect the network and to build a case for
possible prosecution.