I find it interesting to communicate with someone using technology from time to time rather than just speaking with the representatives of the supplier of that technology. Andrew Gahm, systems and security engineer at South Jersey Healthcare, took the time to let me know how his company is using PacketMotion.
Please introduce yourself and your company.
My name is Andrew Gahm and I’m the systems and security engineer at South Jersey Healthcare. I have been working as an IT security engineer and administrator in the healthcare industry for approximately 22 years.
South Jersey Healthcare is a charitable, nonprofit health care organization and network of hospitals, clinics, offices and doctors serving the citizens of Southern New Jersey. The healthcare organization was formally established 15 years ago, but traces its roots to 1898 when the original Bridgeton Hospital opened its doors.
What are you doing that needed PacketMotion’s technology?
We are using PacketMotion to help us in investigations when incidents happen. PacketMotion is giving us a lot of information about what’s happening and user activity on our physical and virtual network that we didn’t have before. It ties all this into Active Directory – nothing ties all the user activity together like PacketMotion does.
We needed PacketMotion to help us with incident troubleshooting. PacketMotion is watching what’s going on throughout the physical and virtual network, and if anyone has questions we can find the answers. If a PC is trying to spread viruses, we can quickly identify it. If someone’s file gets deleted, we can quickly find it for them.
As an example, if someone logs on to an old PC that has a virus, it may try to spread the virus to every open share on the network. Newer machines have antivirus protection that won’t let the virus write files to them, but that doesn’t mean we can tell which PC is spreading the virus. It would have taken us hours before to find the infected PC, but now with PacketMotion we can find the issue right away and get it off the network.
What products did you look at before making a selection?
We have seen several other products over the years in this space, but we were in the market for the specific capabilities that PacketMotion delivers. I was referred to PacketMotion by a former colleague, who said she had never seen anything like this before. She said she had never seen anything track to the detailed level of IP address, workstation name, file name, etc. in physical and virtual environments that PacketMotion does.
Why did you select this product?
We selected PacketMotion for its ease of use and the level of detail it provides when doing investigations on the physical network, and now the virtual network. We are getting proactive with this product. I now receive an email report every day with what Active Directory changes have been made. If I’m going to put a server out there and there’s no reason anyone should be touching it, I have alerts set. If anyone goes and browses the file shares I get notified. Then I can contact that person and ask why they are going to that file.
I also saw that if we were to have a HIPAA violation, I could go to PacketMotion and see who accessed a sensitive file. With PacketMotion, I can get information when I’m asked for it.
What tangible benefit has your organization received through the use of this product?
PacketMotion saves us significant time in our incident investigation, so we can spend time on other things for the healthcare organization. It helps us weed out potential problems, and look for things that shouldn’t be happening on the network.
It also gives us an important data savings capability, too. Users’ files disappear, and when they do, it would take a long time to recover the data since we have terabytes of storage space. With PacketMotion, we can find the lost data easily.