How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
Normally we use the solution to send the traffic. We get traffic on it and once I get the traffic, I get the SPN diagnosis and all the network services diagnostics and whatever else that I run in the office file server. It scans through that. For example, when we download some files, in our portal we are uploading some of the activity documents, as well as Excel and Word documents, etc. They get scanned through and we have DDI Rules that are enabled for the file management. Basically, any uploading, downloading, etc. of items from our website server get scanned and analyzed.
We use the onsite version, not cloud. Our primary use case is for intrusion detection, including threats, malware, and basically anything that might be a threat. Traffic that is intercepted from emails going outbound or inbound is also analyzed.
I work for a distribution partner company. We use the on-prem, physical model of this solution.