IT Security: Eliminating threats with effective network & log analysis

Post on 09-Jun-2015


About ManageEngine

IT Security Management

Server Performance Management

Application Performance Management

Network Performance Management

Desktop Management

Active Directory Management

IT Helpdesk

• Owned by Zoho Corporation

• 90,000+ customers worldwide

• 25+ IT management products

What is IT Security?

• Deploying firewall & IDS

• Adhering to compliance

• Or more?

Various types of attacks

DDoS

IP Spoofing

Sniffers

DoS

Password cracking

Privilege misuse

Man-in-the-middle attacks

Why do security threats happen in spite of deploying firewall & IDS?

Firewall & IDS provide basic security

What they miss are advanced attacks such as DDoS, zero-day intrusions, etc.

Network Security System

Firewall
  Input data: Packet header
  Methodology:
  • Access policy enforcement
  • Simple interaction patterns

IDS
  Input data: Packet header & payload
  Methodology:
  • Detailed signature matching
  • Simple interaction patterns

Large enterprises & data centers need EXTRA SECURITY to prevent advanced attacks

Hackers exploit vulnerable networks

• BYOD & cloud computing make networks MORE VULNERABLE

• PC World: 70% of attacks happen due to internal vulnerabilities

DDoS – Distributed Denial of Service

• Flooding junk traffic

• Coordinated stream of requests

• Slows down network or app

DDoS – Distributed Denial of Service

77% targeted bandwidth & routing infrastructure

23% were application attacks

Misuse of privileges

• Accessing critical resources

• Should be identified in real-time

Nearly impossible to identify such attacks with a manual process

• Attacks usually follow patterns

• Starts as a breach/intrusion

• Develops into an attack

• The breach/intrusion should be found in real-time

What is the need of the hour?

Advanced security protection

Basic Level

Advanced Level

Advanced security protection

Network Security System

Firewall
  Input data: Packet header
  Methodology:
  • Access policy enforcement
  • Simple interaction patterns

IDS
  Input data: Packet header & payload
  Methodology:
  • Detailed signature matching
  • Simple interaction patterns

Log Monitoring
  Input data: System and application log files
  Methodology:
  • Actions done on the device, file, and application

Flow Monitoring
  Input data: Flow from network devices
  Methodology:
  • Advanced interaction patterns & sessionization
  • Statistical analysis
  • Access & traffic policy monitoring

Automated tools come in handy

• Analyze flows from a security perspective

• Monitor logs for suspicious activities

Monitoring flows provides visibility into the network

• Flows provide information on traffic

• Easy to identify unnecessary or suspicious traffic

Monitoring packet flows

• Analyze the exported flow records

• Identify anonymous IPs sending requests

• Identify scan/probe, DDoS, bad sources

• Change the network configuration to block anonymous traffic
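The three flow checks listed on the slides (unknown sources, scan/probe, DDoS-like floods) and the resulting block list, as an added example that is not ManageEngine's code. The simplified flow record layout, the list of known address ranges, the thresholds and the sample records are all assumptions constructed for the example.

```python
"""Flow-record analysis from a security perspective: scan/probe, DDoS-like
floods and unknown ("anonymous") sources.

Added example, not ManageEngine's code. The record layout, the list of
known address ranges and all thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    """One exported flow record (NetFlow/IPFIX-style, simplified)."""
    src: str
    dst: str
    dst_port: int
    proto: str
    packets: int
    octets: int


# Address ranges this network expects to see as sources (assumption).
KNOWN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

SCAN_TARGET_THRESHOLD = 20    # distinct (host, port) pairs touched by one source
DDOS_SOURCE_THRESHOLD = 50    # distinct sources hitting one destination
DDOS_PACKET_THRESHOLD = 5000  # aggregate packets toward that destination


def is_known(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_NETS)


def analyze_flows(flows):
    """Return (kind, address, count) findings for scan, ddos and unknown_source."""
    targets_by_src = defaultdict(set)
    srcs_by_dst = defaultdict(set)
    pkts_by_dst = defaultdict(int)
    unknown_srcs = set()
    for f in flows:
        targets_by_src[f.src].add((f.dst, f.dst_port))
        srcs_by_dst[f.dst].add(f.src)
        pkts_by_dst[f.dst] += f.packets
        if not is_known(f.src):
            unknown_srcs.add(f.src)

    findings = []
    # scan/probe: one source touching many distinct host:port pairs
    for src, targets in targets_by_src.items():
        if len(targets) >= SCAN_TARGET_THRESHOLD:
            findings.append(("scan", src, len(targets)))
    # DDoS-like: many sources converging on one destination with high volume
    for dst, srcs in srcs_by_dst.items():
        if len(srcs) >= DDOS_SOURCE_THRESHOLD and pkts_by_dst[dst] >= DDOS_PACKET_THRESHOLD:
            findings.append(("ddos", dst, len(srcs)))
    # anonymous/unknown: sources outside every known range
    for src in sorted(unknown_srcs, key=ipaddress.ip_address):
        findings.append(("unknown_source", src, len(targets_by_src[src])))
    return findings


def block_list(findings):
    """Source addresses to deny in the network configuration: scanners and unknown sources."""
    return sorted({addr for kind, addr, _ in findings if kind in ("scan", "unknown_source")},
                  key=ipaddress.ip_address)


def sample_flows():
    """Constructed flow records: normal traffic, one port scan, one flood."""
    flows = [Flow("10.0.1.5", "10.0.2.10", 443, "tcp", 120, 90000)]
    for port in range(1, 31):          # one external host probes 30 ports on a server
        flows.append(Flow("203.0.113.7", "10.0.2.10", port, "tcp", 1, 60))
    for i in range(60):                # 60 sources flood one web server
        flows.append(Flow(f"198.51.100.{i + 1}", "10.0.2.20", 80, "tcp", 200, 12000))
    return flows


if __name__ == "__main__":
    found = analyze_flows(sample_flows())
    for kind, addr, count in found:
        print(f"{kind:15} {addr:16} {count}")
    print("block:", block_list(found))
```

The thresholds are deliberately simple counters over one batch of records; a production collector would apply them per time window and tune them to the site's baseline, which is what the "statistical analysis" row of the table above refers to.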

Logs help find suspicious behavior

• Logs record all activities done on devices (servers)

• Patterns can be identified from logs

• Action can be taken

System & Application Log Monitoring

• All applications & systems generate logs

• Monitor such logs for suspicious messages, error codes, etc.

Instant alerting

• Advanced tools check for patterns out-of-the-box

• Raise alerts instantly

• Customizable to every business's needs
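The log monitoring and alerting described on the last three slides (logs record activity, patterns are identified, an alert is raised the moment a pattern matches), as an added example that is not ManageEngine's code. It covers the three pattern types the deck mentions: failed logins repeating from one source, privilege misuse or access to a critical resource via sudo, and application error codes. The log line layout, the rules, the admin allow-list, the critical paths, the thresholds and the sample log excerpt are all assumptions constructed for the example.

```python
"""Log monitoring with pattern rules and instant alerts.

Added example, not ManageEngine's code. The log line layout, the rules,
the admin allow-list and the thresholds are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "<iso-timestamp> <host> <process>[pid]: <message>" (assumed layout)
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED_PW_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*COMMAND=(?P<cmd>.*)$")
HTTP_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

ALLOWED_SUDO_USERS = {"ops"}                          # assumption: the only admins
CRITICAL_PATHS = ("/etc/shadow", "/var/lib/payroll")  # assumption: critical resources


class LogMonitor:
    def __init__(self, fail_threshold=5, window=timedelta(seconds=60)):
        self.fail_threshold = fail_threshold
        self.window = window
        self.failures = defaultdict(deque)   # source ip -> recent failure timestamps
        self.alerts = []

    def feed(self, line):
        """Check one log line against every rule; return the alert raised, if any."""
        m = LINE_RE.match(line)
        if not m:
            return None
        ts = datetime.fromisoformat(m["ts"])
        msg = m["msg"]
        alert = (self._auth_burst(ts, msg)
                 or self._privilege(ts, m["proc"], msg)
                 or self._app_error(ts, msg))
        if alert:
            self.alerts.append(alert)
        return alert

    def _auth_burst(self, ts, msg):
        # N failed logins from one source inside the window -> alert once
        m = FAILED_PW_RE.search(msg)
        if not m:
            return None
        recent = self.failures[m["ip"]]
        recent.append(ts)
        while ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) == self.fail_threshold:
            return ("auth_failure_burst", ts, m["ip"],
                    f"{len(recent)} failures in {int(self.window.total_seconds())}s")
        return None

    def _privilege(self, ts, proc, msg):
        # sudo touching a critical resource, or sudo by a user who is not an admin
        if proc != "sudo":
            return None
        m = SUDO_RE.match(msg)
        if not m:
            return None
        user, cmd = m["user"], m["cmd"]
        if any(p in cmd for p in CRITICAL_PATHS):
            return ("critical_resource_access", ts, user, cmd)
        if user not in ALLOWED_SUDO_USERS:
            return ("privilege_misuse", ts, user, cmd)
        return None

    def _app_error(self, ts, msg):
        # application error codes: any HTTP 5xx in the web server log
        m = HTTP_RE.search(msg)
        if m and m["status"].startswith("5"):
            return ("app_error", ts, m["path"], m["status"])
        return None


def run(text):
    """Feed every line of a log excerpt; return the alerts raised in order."""
    mon = LogMonitor()
    for line in text.splitlines():
        mon.feed(line)
    return mon.alerts


# Constructed log excerpt (not captured from a real system).
SAMPLE_LOG = """\
2015-06-09T10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40111 ssh2
2015-06-09T10:00:03 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2015-06-09T10:00:05 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2015-06-09T10:00:07 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
2015-06-09T10:00:09 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40115 ssh2
2015-06-09T10:00:10 web1 sshd[812]: Accepted publickey for deploy from 10.0.1.5 port 50000 ssh2
2015-06-09T10:01:00 web1 sudo[900]: ops : TTY=pts/0 ; PWD=/home/ops ; USER=root ; COMMAND=/bin/systemctl restart nginx
2015-06-09T10:01:30 web1 sudo[901]: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
2015-06-09T10:02:00 web1 nginx: 10.0.1.9 - - "GET /api/orders HTTP/1.1" 500 12
2015-06-09T10:02:01 web1 nginx: 10.0.1.9 - - "GET /api/orders HTTP/1.1" 200 512
"""

if __name__ == "__main__":
    for alert in run(SAMPLE_LOG):
        print(alert)
```

Each rule is evaluated as the line arrives, so the alert fires on the line that completes the pattern rather than after a batch job; the failed-login rule keeps a sliding window per source so a slow trickle of failures does not accumulate forever, and it fires once when the threshold is crossed rather than on every later failure.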

Security reports

• Forensic analysis

• Trend analysis

• Compliance

Summary

• Advanced Security Analysis is needed

• Difficult with a manual process

• Need tools with automation

Thank you

bharanikumar@manageengine.com