It took the ancient Greeks 10 years to penetrate the gate defending the city of Troy, located in what is now northwestern Turkey, overlooking the Dardanelles.
If you recall your Virgil, the Greek army spent three days constructing a mammoth wooden horse (the emblem of the city) in which 32 warriors hid, and then duped the gatekeepers of Troy into wheeling the supposed victory trophy past the barrier and into the city. In the dead of night, the Greek elite force exited their “Trojan Horse,” opened the gates from the inside to allow their comrades to enter, and subsequently vanquished the city.
Fast forward a few thousand years and we arrive at a modern equivalent. This time, the Trojan horse attempting to enter the city of Richmond, Va., is of a digital variety, but the battle is the same: How to keep the enemy from entering the premises?
But preventing trojans and other malware from penetrating its network was not the only challenge the city faced. It also needed to trace access to systems on the government network in a Microsoft Windows environment, including access to databases and file shares. Log data in the source systems is maintained for only a limited amount of time and is time-consuming to review and search for specific events, according to Daniel McRae, the city's IT manager, DIT infrastructure services. Once an event is found, he says, it is difficult to tie back to a specific user.
And, of course, this is important because his IT department is charged with safeguarding data from inappropriate or unnecessary access. His IT team also performs investigations as requested.
So, when the native logging capabilities in the source and target systems made it difficult to provide usable data to his customers to meet these needs, he and his 80-member IT team ramped up their search for a solution. Specifically, the task came down to McRae and his Windows Server support team.
They began their enquiries by looking at several options from various vendors, but most were cost-prohibitive and did not provide the information needed. Then they took a look at a solution from PacketSentry.