Solutions

network-monitoring

Computer network monitoring consists of two main parts:

1. Service monitoring - using a system that constantly monitors the computer network for slow or failing components.
The network administrator receives an overview of:

  • availability of services and servers
  • utilization of lines, CPUs, routers, switches, ...

The information for evaluation is obtained mainly through SNMP.

2. Data analysis - using a system that collects and analyzes data in order to detect anomalies indicating that a potential attacker has infiltrated the internal infrastructure.

  • Use of the NetFlow protocol
  • Network Behavior Analysis
  • Packet filtering

    Flow Monitoring - monitoring within the data infrastructure and data nodes,
    centralized and integrated into surveillance centers

  • Analysis at the level of communication - aggregated, but without losing important information
  • Distributed long-term monitoring to cover the entire network
  • Fast and efficient
  • Overview of what is happening across the network, as well as a detailed view of individual communication
  • It does not require expert knowledge
  • Effective even for encrypted traffic

Flow monitoring provides a quick diagnosis in terms of time and space for further analysis, such as packet analysis:

  • Detailed analysis - at the level of individual packets and their application content
  • Monitoring a particular place at a particular time (which is a problem)
  • Very time consuming
  • Requires knowing "what I'm looking for" - otherwise it is necessary to analyze huge amounts of data
  • Intended mainly for experts
  • Ineffective for encrypted traffic

     Network Behavior Analysis - detection of any security anomalies or threats,
     including otherwise undetectable risks, within communication networks. The system is
     fully integrated into SIEM solutions.

  • Detection of changes in behavior, suspicious behavior detection
  • Based on the analysis of IP statistics (L2, L3, L4)
  • Detection of as yet undiscovered threats (APT, zero-day attacks, data leakage, denial ...)
  • Does not use attack signatures
  • Analysis of the perimeter, LAN and WAN; also reveals internal threats
  • Effective even for encrypted traffic
  • Passive - a basis for follow-up action on the network

NBA stands alongside standard security solutions such as firewalls, IDS and IPS, which are more dependent on signatures and detect attacks by searching for application patterns in packets.

Benefits:

  • Monitoring network traffic in real time, improving the network and the detection of external and internal attacks, analyzing long-term statistics with resolution down to individual desktops, applications and conversations, detailed tracking of users and services, effective capacity planning of routes
  • Long-term storage of statistics on network traffic and compliance with regulations and laws on electronic communications
  • Fast and accurate network troubleshooting, immediate identification of any anomalies through automated alerting
  • Transparent reports on network traffic through qualified reporting, easy scheduling and QoS monitoring, control of peering and quality-of-service agreements (SLA)

The solution detects any anomaly or event at the time it occurs on the network. Through the collector, the data are kept and stored in an aggregated state for any length of time needed (surveillance, forensic investigations, etc.).

It reveals the following types of events:

  • Attacks (port scanning, dictionary attacks, DoS, Telnet)
  • Service anomalies (DNS, multicast, high variability of communication)
  • Anomalous behavior of IP addresses (change of behavior profiles)
  • Unwanted applications (P2P, online communicators, TOR, TeamViewer)
  • Malware (viruses, spyware, botnets, communication with addresses on blacklists)
  • Mail (outgoing SPAM, illegitimate mail servers)
  • Operational problems (delay, congestion, reverse DNS records, service interruptions)
  • Potential data leaks (upload on public servers, web storage)
  • Violation of security policies (circumvention of proxies, unknown devices)
  • Specific methods (monitoring sensor networks)
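
Two of the event types listed above, port scanning and a change in an IP address's behavior profile, can be found from flow statistics alone, without signatures or packet payloads. The following is an added illustration, not the vendor's implementation; the record layout, thresholds and sample flows are assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

def per_minute_stats(flows):
    """Aggregate flows into {src: {minute: [set of (dst, port), total bytes]}}."""
    stats = defaultdict(lambda: defaultdict(lambda: [set(), 0]))
    for minute, src, dst, port, nbytes in flows:
        cell = stats[src][minute]
        cell[0].add((dst, port))
        cell[1] += nbytes
    return stats

def detect_scans(flows, max_fanout=20):
    """Sources touching more than max_fanout distinct dst:port pairs in one minute."""
    return sorted({(src, minute)
                   for src, minutes in per_minute_stats(flows).items()
                   for minute, (peers, _) in minutes.items()
                   if len(peers) > max_fanout})

def detect_profile_change(flows, z=3.0, min_history=5):
    """Minutes whose byte volume deviates from the source's own earlier history."""
    alerts = []
    for src, minutes in per_minute_stats(flows).items():
        history = []
        for minute in sorted(minutes):
            volume = minutes[minute][1]
            if len(history) >= min_history:
                mu, sigma = mean(history), pstdev(history)
                # Floor sigma at 10% of the mean so a very steady host is not noisy.
                if volume > mu + z * max(sigma, 0.1 * mu):
                    alerts.append((src, minute))
                    continue  # keep the outlier out of the baseline
            history.append(volume)
    return sorted(alerts)

def sample_flows():
    """Constructed records (minute, src, dst, dst_port, bytes); not real traffic."""
    flows = [(m, "10.0.0.5", "10.0.0.1", 443, 1000 + 10 * (m % 3)) for m in range(10)]
    flows.append((10, "10.0.0.5", "203.0.113.7", 443, 500_000))  # sudden large upload
    flows += [(3, "10.0.0.9", "10.0.0.1", p, 60) for p in range(1, 101)]  # port sweep
    return flows

if __name__ == "__main__":
    print("scans:", detect_scans(sample_flows()))
    print("profile changes:", detect_profile_change(sample_flows()))
```

Only L3/L4 header fields and byte counts are used, so the same logic applies when the payload is encrypted.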
