Blog

On Day 3, I Discovered All Things You Can Do with Network Visibility

Harry Quackenboss By: Harry Quackenboss December 23, 2016

Monitoring employees in the workplace is a sensitive topic because it touches on employee policies and an individual’s right to privacy, both of which often come with legal implications. But in certain situations, employee monitoring is a necessary tool to ensure that employees are engaging in appropriate and responsible workplace behavior.

I have a somewhat unusual example that I heard about from a security consultant. The consultant was called into an organization because of anonymous reports about employees in one department viewing inappropriate content in the workplace. The incident was escalated to the head of human resources and a recommendation was made to the head of organization to approve monitoring the online activities of a number of employees. This situation was complicated by the fact that the anonymous reports didn’t specify which employees were being accused, only the general area where they worked.

The incident greatly concerned human resources and management for several reasons. The organization was proud to have low employee turnover and recent surveys rated the organization as a great place to work. Additionally, the organization had a liberal policy regarding social media and accessing the Internet for personal use. Although the company’s employee policy manual did permit monitoring of online activities, up to now, they had not engaged in any type of surveillance and were reluctant to do so. Furthermore, the company didn’t want to start limiting the IP addresses that employees could access. But based on the number of anonymous reports, they knew they had to act.

The security consulting team researched and presented an idea that would possibly allow identification of not safe/suitable for work (NSFW) content without having to match and limit IP addresses based on lists of known inappropriate content. The consulting team thought this idea would meet both the objective to avoid monitoring employee access to websites and to find the suspected NSFW content.

The security consulting team implemented a Network TAP and a Network Packet Broker, which they programmed with a list of destination IP addresses for the employees they decided to monitor. They also implemented a deep packet inspection (DPI) appliance. The DPI appliance was programmed to detect inappropriate video (MPEG) content based on a set of color ranges found within the video images. The selected color ranges were those that matched various samples of bare human skin.

The security consultants weren’t completely sure this unusual network monitoring method was going to work. However, to their surprise, they were able to quickly identify a handful of employees who indeed were violating the company’s Internet Usage policy. By implementing a useful and effective network solution, the company was able to maintain a responsible work environment without limiting Internet usage for all their employees.


In order to have an effective network security solution, consider Niagara's Next-Gen Network Visibility Platform which optimizes your network security and monitoring.

New call-to-action