IT Security: Eliminating threats with effective network & log analysis
About ManageEngine
IT Security Management
Server Performance Management
Application Performance Management
Network Performance Management
Desktop Management
Active Directory Management
IT Helpdesk
• Owned by Zoho Corporation
• 90,000+ customers worldwide
• 25+ IT management products
What is IT Security?
• Deploying firewall & IDS
• Adhering to compliance
• Or more?
Various types of attack
DDoS
IP Spoofing
Sniffers
DoS
Password cracking
Privilege misuse
Man-in-the-middle attacks
Why do security threats happen in spite of deploying firewall & IDS?
Firewall & IDS provide basic security
What they miss are advanced attacks such as DDoS, zero-day intrusions, etc.
Network Security System: input data and methodology
Firewall
Input data: Packet header
Methodology: • Access policy enforcement • Simple interaction patterns
IDS
Input data: Packet header & payload
Methodology: • Detailed signature matching • Simple interaction patterns
Large enterprises & data centers need EXTRA SECURITY to prevent advanced attacks
Hackers exploit vulnerable networks
• BYOD & cloud computing make networks MORE VULNERABLE
• PC World: 70% of attacks happen due to internal vulnerabilities
DDoS – Distributed Denial of Service
• Flooding junk traffic
• Coordinated stream of requests
• Slows down network or app
DDoS – Distributed Denial of Service
77% targeted bandwidth & routing infrastructure
23% were application attacks
Misuse of privileges
• Accessing critical resources
• Should be identified in real time
Practically impossible to identify such attacks with a manual process
• Attacks usually follow patterns
• Starts as a breach/intrusion
• Develops into an attack
• Breach/intrusion should be found in real time
What is the need of the hour?
Advanced security protection
Basic Level
Advanced Level
Advanced security protection
Network Security System: input data and methodology
Firewall
Input data: Packet header
Methodology: • Access policy enforcement • Simple interaction patterns
IDS
Input data: Packet header & payload
Methodology: • Detailed signature matching • Simple interaction patterns
Log Monitoring
Input data: System and application log files
Methodology: • Actions done on the device, file, and application
Flow Monitoring
Input data: Flow from network devices
Methodology: • Advanced interaction patterns & sessionization • Statistical analysis • Access & traffic policy monitoring
Automated tools come in handy
• Analyze flows from a security perspective
• Monitor logs for suspicious activities
Monitoring flows provides visibility into the network
• Flows provide information on traffic
• Easy to identify unnecessary or suspicious traffic
Monitoring packet flows
• Analyze exported packet flows
• Identify anonymous IPs sending requests
• Identify scan/probe, DDoS, bad source
• Change network configuration to block anonymous traffic
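As an added example (not from the presentation and not ManageEngine's code): the scan/probe and flood checks described above, run over constructed flow records in Python. The flow tuple layout, the addresses and the thresholds are assumptions chosen for illustration; a real deployment would tune the thresholds to its own baseline.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# One flow as a collector summarises it: (src_ip, dst_ip, dst_port, packets)
Flow = Tuple[str, str, int, int]


def build_sample_flows() -> List[Flow]:
    """Constructed sample flows (not exported from any real device)."""
    flows: List[Flow] = []
    # Normal traffic: a handful of clients using the web server on 443
    for i in range(1, 6):
        flows.append((f"10.0.0.{i}", "10.0.1.80", 443, 120))
    # Scan/probe: one host touching many different ports on one target
    for port in range(1, 16):
        flows.append(("192.0.2.10", "10.0.1.20", port, 1))
    # Flood: many distinct sources hitting one service with tiny flows
    for i in range(1, 26):
        flows.append((f"198.51.100.{i}", "10.0.1.80", 80, 3))
    return flows

def detect_scans(flows: Iterable[Flow], min_ports: int = 10) -> Dict[Tuple[str, str], int]:
    """(src, dst) pairs whose distinct destination-port count reaches min_ports."""
    ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for src, dst, dport, _ in flows:
        ports[(src, dst)].add(dport)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}

def detect_floods(flows: Iterable[Flow], min_sources: int = 20) -> Dict[Tuple[str, int], int]:
    """(dst, dport) services whose distinct source count reaches min_sources."""
    sources: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for src, dst, dport, _ in flows:
        sources[(dst, dport)].add(src)
    return {svc: len(s) for svc, s in sources.items() if len(s) >= min_sources}

def suspicious_sources(flows: Iterable[Flow]) -> Set[str]:
    """Sources to review before any configuration change: scanners plus flood participants."""
    flows = list(flows)  # the iterable is consumed twice
    scanners = {src for src, _ in detect_scans(flows)}
    flooded = set(detect_floods(flows))
    participants = {src for src, dst, dport, _ in flows if (dst, dport) in flooded}
    return scanners | participants

if __name__ == "__main__":
    sample = build_sample_flows()
    print("scans:", detect_scans(sample))
    print("floods:", detect_floods(sample))
    print("review:", sorted(suspicious_sources(sample)))
```

The normal clients on port 443 stay out of the review set because they neither touch many ports nor share the flooded service; counting sources per (dst, port) rather than per host is what keeps them separate.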
Logs help find suspicious behavior
• Logs record all activities done on devices (server)
• Patterns can be identified from logs
• Action can be taken
System & Application Log Monitoring
• All applications & systems generate logs
• Monitor such logs for suspicious messages, error codes, etc.
Instant alerting
• Advanced tools check for patterns out of the box
• Raise alerts instantly
• Customizable to every business's needs
Security reports
• Forensic analysis
• Trend analysis
• Compliance
Summary
• Advanced security analysis is needed
• Difficult with a manual process
• Need tools with automation
Thank you