Congruity Inspector™

1. What is Congruity Inspector?

Congruity Inspector is a leading Network Quality Assurance (NQA) software tool enabling organizations to easily and cost-effectively verify and document the effectiveness of their administrative and technical controls, policies and profile how their IT resources are being used. Given the complexity of networking technology and demands on IT resources, organizations need a simple, automated way to ensure their systems and confidential data are being operated in a secure and confidential manner. Congruity Inspector was designed to simplify and improve the quality assurance and consistency of the system log review process.

2. Does Congruity Inspector perform a network penetration test?

Yes. However, unlike traditional penetration test software which can disrupt network operations, Congruity Inspector passively monitors all inbound and outbound perimeter traffic over a 7 day term. This unique process identifies malicious activity, system compromise, technology inefficiencies and network performance threats that traditional static, moment-in-time pen-tests cannot, plus it also identifies the source address and country code so users can quickly diagnose the scope of the problem and respond accordingly.

3. Does Congruity Inspector provide a centralized, device-independent audit log?

Yes. Congruity Inspector utilizes its own data collection driver and monitors all inbound and outbound usage activity directly from the network. It does NOT collect device system logs. This device-independent view offers a totally objective verification that systems, security controls and policies are effective. Congruity Inspector also offers audit archiving and encryption so audit data can be stored and reloaded into the report interface for historical trending comparisons, forensic investigation, fact finding and compliance purposes. The audit archive can be presented to an outside auditor to address compliance reporting obligations.

4. Is Congruity Inspector a vulnerability scanner?

No. Vulnerability scanning identifies known software flaws and is is part of patch management. Congruity Inspector identifies conditions, actions, or events that could cause harm to information systems and confidential data. These elements are a component of risk and can occur in spite of a fully-patched and properly configured network. For example, a vulnerability scan cannot identify data leakage or a compromised system that is fully-patched.

5. Is Congruity Inspector a risk assessment tool?

Yes. Congruity Inspector identifies conditions that can cause network disruption, compromise, exposures and data leakage. Congruity Inspector provides a broader measure of risk than a vulnerability scan because it monitors dynamic conditions that directly impact performance, availability, efficiency and exposure--something a vulnerability scan cannot do.

6. Is Congruity Inspector easy to install and operate?

Yes. The software installs on a standard Windows PC in less than a minute. Set-up requires a network tap point on the gateway switch or router (each Mfg. has their own name for it). See the Systems Specification Link for more details. System Specs.

7. What issues does Congruity Inspector identify?

Congruity Inspector highlights all communication Vectors on the network, representing any network path in or out of the protected network. A user can easily identify which vectors are legitimate business and which are not and eliminate them. Congruity Inspector operates on the basis of monitoring and collecting every traffic flow (TCP, UDP & ICMP protocols) entering and leaving the protected network over a 7 day period, categorizing this information in a logical, easy-to-understand format. Findings include comprehensive baseline metrics to help users understand how usage impacts operations.

8. Can user's claim audit independence and separation of function by using Congruity Inspector for compliance preparation and self-auditing?

Yes. Congruity Inspector is completely automated and generates objective executive reporting based on actual findings. There is no subjective input for the reports. Executives and technical personnel all see the actual findings without any user manipulation or personal input.

9. Is Congruity Inspector a stand-alone application?

Yes. Congruity Inspector is a completely integrated stand-alone product featuring it's own database, Web-server,packet-capture engine and content analyzer. Use requires Internet Explorer and the Adobe SVG viewer for on-line report viewing and analysis.

10. How large of a network can Congruity Inspector handle?

The size of a network is dependent upon several factors: the amount of Internet activity, bandwidth and the number of users. Ten very active users can generate as much traffic as 100 users under normal conditions, so the size of the network depends. Generally, Congruity Inspector is targeted at the SMB market, designed to audit networks up to 5,000 concurrent devices (workstations/servers) for a full 7 day term. In such cases where traffic volumes are exceedingly high, the software will collect data until the database fills. In either case, Congruity Inspector was designed so users can review and comprehend the information in a practical and time-efficient manner.

11. Why doesn't Congruity Inspector operate on a full-time operational basis?

We designed Congruity Inspector as a Network Quality Assurance tool to be used and reviewed regularly by key IT management, stakeholders and decision makers in a formal management-level meeting. In such a forum, information can be weighed, prioritized and well thought-out plans can be set forth with quality and efficiency in mind. When products become operationalized providing real-time notifications and alarms, there is a direct tendency to ad hoc reactions or simply ignoring the issues. This is the case with Intrusion Detection Systems that spawn lots of false positives. After a while people begin to ignore them. Congruity Inspector was designed so users can review and comprehend operational information in a consistent, practical and time-efficient manner and manage to well-defined quality standards.