netReplay is watching you
CCTV for the computer network
UK firm Chronicle Solutions has launched netReplay, a content capturing product, which it describes as a CCTV for computer networks.
NetReply is designed for easier storage and extraction of electronic communications, assists businesses in meeting requirements under new corporate governance rules.
The US Sarbanes-Oxley Act, introduced in the wake of the Enron and Worldcom accounting scandals, require auditing of all electronic communications.
In March this year, the European Union produced a framework for similar rules. The proposal is still some way from becoming law but European companies would be still wise to prepare for a likely auditing rules directive.
netReplay slices, dices, chops and cuts
According to Chronicle, netReplay helps companies achieve compliance with corporate governance rules. The product also helps companies enforce policies on employee use of Internet, email and Instant Messaging.
netReplay monitors, alerts, records, searches, archives, retrieves and replays "the actual content as it was originally seen or heard" by a worker. netReplay not only archives email and their attachments, but also webmail, Instant Messaging, files transferred and an exact copy of the Web pages that each employee has viewed, providing a forensically accurate audit trail. The storage requirements per employee could be huge, but Chronicle argues that this will be a legal requirement anyway. And it says that its technology stores content intelligently, reducing storage requirements by around 40 per cent.
Aside from its archiving features, netReplay provides real-time alerts for potential network misuse, including security breaches or when employees access sites that violate acceptable use policies. A US University is trialling the technology and Chronicle pitches it as a positive that it can point RIAA enforcers towards file-trading students if required. Should organisations act as policeman for the RIAA, we asked? Chronicle said if workers were doing anything illegal using corporate resources they deserve to be found out.
Ben Weiner, bizdev veep at Chronicle, said: "Employers can be held liable for the actions of their staff, and directors can be held personally liable. Our solution helps protect them against this, but equally empowers legitimate business usage".
Chronicle said netReplay promotes "responsible use of corporate networks for legitimate business purposes and encourages employees to focus on business activities, thus immediately improving staff and network productivity." It rejects any Big Brother imputations. Companies trialling its software report a reduction in disciplinary actions while, at the same time, uncovering incidents of wrongdoing.
netReplay also reduce retrieval costs for email, according to the company, which cites an example where its technology has disproved false accusations of sexual harassment, though it didn't furnish us with any details.
Weiner said: "There is a legal requirement to keep electronic communications over a period of time and, under the Data Protection Act, employees can legitimately ask to see copies of emails relating to themselves."
Dai Davis, an IT lawyer at Nabarro Nathanson, disputes this interpretation of the law. He said that starting point of the Data Protection Act is for companies not to retain personal data on individuals, although this must be set against the rights of companies to monitor traffic on their networks to guard against potential risk. The disagreement between Chronicle and Davis illustrates legal confusion over the mass of regulations about surveillance in the workplace. The very different requirements of anti-terror, data protection, human rights laws and Regulation of Investigatory Powers Act - and corporate governance regulations - create confusion.
Hyperscape opens Chronicle
London-based Chronicle Solutions changed its name from Hyperscape six weeks ago. netReplay is a redesigned follow-up to Hyperscape's uc.Lan product. Chronicle positions netReplay as a complementary to employee management products from WebSense and other. But unlike web filtering products, netReplay does not censor or limit Web access. This gets around the false classification problems that sometimes affect such products. Chronicle is avoiding the "saturated" web filtering market and is targeting financial services, health and pharmaceuticals industries with netReplay. It is also in talks with ISPs, which could use the product to meet regulations imposed on them by the UK’s Regulation of Investigatory Powers (RIP) Act. ®
Sponsored: Global DDoS threat landscape report