Keep Data Safe by Seeing Packet Patterns

  • Calendar Icon

Network troubleshooting, performance monitoring, and security are daily tasks in the data center. Add data privacy and other regulations in the healthcare, government, education, finance and other sectors, and you are adding another level of complexity to your network monitoring. Network visibility solutions that recognize data patterns can help reduce business risks by inspecting the packet payload, providing insights on specific data patterns, masking data to improve data privacy, and support compliance to HIPAA(1), PCI(2) and internal best practices or recognizing patterns that alert security. This week’s blog takes a deeper dive in to recognizing patterns.

Search Patterns

Pattern matching uses regular expressions to define search patterns. These patterns can then be used to find strings of characters in files, databases, and network traffic. One of the earliest uses for pattern matching was text editing. A user could use a regular expression to search and replace a particular string throughout an entire document using a single command.

An example of a regular expression is “\b\d{5}\b.” This expression can be used to find any five digit US zip code, such as 49017. This regular expression can be expanded to search for a nine digit zip code like 49017-3822. The expanded version of the expression is “\b\d{5}-\d{4}\b.”

Take Action

After a desired string of characters is matched by a regular expression, several types of actions can be taken. Depending on the system, these actions can include:

  • Generate an alert message
  • Highlight the data
  • Mask the data by replacing each of its characters with a different character
  • Remove the data altogether

An example use for masking data is complying with privacy regulations like HIPAA or PHI. These regulations require companies and organization to protect private information, such as social security numbers, credit card numbers, and health related information.

Pattern Matching Applications

Today, pattern matching is used in numerous applications like text editing, compiling computer programs, and protecting private data during network monitoring activities.

Protecting private data, while monitoring networks, represents one of the growing uses for pattern matching. In order to solve a network problem, a troubleshooter must monitor network traffic and examine its packet headers (e.g. Ethernet Header, IP Header, etc.). However, the payload portion of a packet may include a person’s personal information that needs to be protected.

Pattern matching can be used to mask personal data in the payload portion of each packet prior to the packet being examined. This capability assists organizations with complying with regulations like HIPPA and PHI.

Another use for pattern matching is filtering. When a match occurs, the action can be to either drop the packet or pass it. This type of application is applicable when a virus or malware is identified in a packet. In some cases, the action may include dropping the entire network session.

Typical Regular Expressions

A typical regular expression library could include the ability to search for the following types of data:

  • Credit Card Numbers
  • Phone Numbers
  • Zip Code Numbers
  • Email Addresses
  • Postal Addresses

Typical Pattern Matching Features

A user should easily be able to perform the following functions with a pattern matching system:

  • Have commonly used regular expressions available in a library.
  • Add additional regular expressions to the regular expression library by copying them from the plethora of expressions found on the Internet.
  • Test whether a regular expression matches a particular string without having to configure a network to send the string through the system.
  • Allow the user to mask data using a user selectable character.

APCON delivers a pattern matching feature as part of its network and security visibility solution. This allows the inspection of the packet payload to look for specific data patterns and masks the matched data, improving data privacy and supporting compliance to HIPAA, PCI and internal best practices. For an example of a network pattern matching system, check out our new pattern matching feature on the HyperEngine packet processor blade or contact us for more information.

Compliance Regulations

(1) Health Insurance Portability and Accountability Act (HIPAA)

(2) Protected Health Information (PHI)

Stay Connected

Sign up for our newsletter