Compliance Commander – Sentry Print E-mail


The most effective and common deployment scenario is to place the Sentry appliance just outside the enterprise firewall. By doing so, this significantly reduces the administrator’s time required for policy configuration because any clear-text sensitive data detected at this point is, by definition, a data leak incident. In some specific  cases, occasionally, an organization may want to deploy Sentry internally on the enterprise network, typically at chokepoints. An internal deployment can be used for auditing purposes to help monitor and control the flow of sensitive data.

Compliance Commander Components

Sentry is a required component that can be purchased as either: 

1)   A software appliance that can be installed on customer provided server / hardware. Upon request, Intrusion will provide a list of certified, third party hardware models that are widely available. The software installation CD contains an image of the hardened Linux operating system, along with the Sentry application.

2)   A ready-to-go, hardware appliance.

D3 is a required application that serves as middleware for uploading the required data records from the database to the Sentry appliance. It must be installed within the LAN on a Windows 2003 server.  This server can also co-host the Provider application. Sentry uses its internal network / management interface for communications with D3.

Provider is an optional application that provides advanced management capabilities for all Compliance Commander products including Sentry. It is installed on a Windows 2003 server inside the LAN, and it can be co-hosted with D3. Provider requires a valid Microsoft SQL 2000 Standard Edition license which is supplied by the customer.

Encrypted Email Server is an optional Sentry component that automatically encrypts all outbound, sensitive emails. It is dual-homed to the LAN and the DMZ, and supports all industry standard email servers (e.g. Exchange, Lotus, etc.). The Encrypted Email Server can be deployed as a ready-to-go appliance, or as a software appliance.

Sentry Deployment Options

Inline Deployment
It is recommended to deploy Sentry “inline” so that sensitive data can be blocked from leaking onto the public network. Although Sentry can be directly connected to the network, it is recommended that a Secure Tap™ be used for high availability.

Passive Deployment

Sentry may be deployed for monitoring only purposes. In this case, a network tap is used to connect Sentry to the network, again typically just outside the fi rewall. In order to maintain high availability, it is recommended that a Secure Tap™ be used for this connection.

Supported Databases and Financial Information Systems

Sentry supports uploading of customer data from multiple databases and financial information systems, including:


  • Oracle
  • IBM / DB2
  • Microsoft SQL
  • Sybase
  • Others

Financial Information Systems:

  • Fiserv – XP, Users, Integrasys
  • Jack Henry
  • Symitar
  • Harland
  • Others