analytics tool that helps in detecting network intrusions and classifying
the intrusions to tackle network security threats in real time. ASAM is an
add-on module for NetFlow Analyzer and therefore does not need any
additional hardware investment. The flows (NetFlow, sFlow, IPFIX, NetStream,
etc.) are exported by the devices (routers and switches) to NetFlow
Analyzer. These flows are analyzed by ASAM and the network anomalies are
detected. As this is done in real time, continuous updating of the network
threats keeps the enterprise network secure. The Advanced Security Analytics
module gives actionable intelligence to avert a broad spectrum of external
and internal security threats.
The network snapshot in ASAM displays each group of threats/anomalies as a
problem, and the problems are further categorized into three major
problem classes (Bad Src-Dst, DDoS, Suspect Flows). The set of classes
used for classifying problems with a brief description is given here. The
security snapshot in NetFlow Analyzer shows the problem classes and
problems along with the number of events that occurred. ASAM also assigns
a severity to every threat: Info, Warning, Major or Critical. The pie
charts and line graph help the user grasp the network "security
posture" at a glance.
Users can also select a custom time period as per their requirement and
filter the events based on:
* Problem class
* Offender
* Target
* Router / interface
* Severity
Visit http://www.manageengine.com/products/netflow/index.html for details.