Using the Advanced Security Analytics Module (ASAM) capability in NetFlow Analyzer for network security analysis

In the NetFlow Analyzer product, ASAM is the module used to perform network security analysis.
The network is the nervous system of most enterprises. With the emergence of social networking, video streaming, peer-to-peer technology, cloud computing and SaaS, it is safe to say that modern enterprises are only as good as their networks, especially in terms of the bandwidth and security they provide. Whether it is banks securing their data against theft or business organizations securing their network against security threats and attacks, the lurking risk of being breached, compromised and damaged by an unknown zero-day intruder is always relevant. Moreover, the continuous evolution of intrusion techniques has made ensuring network security increasingly difficult even as it becomes all the more critical.
Security systems are predominantly classified into three types: (i) Firewall Systems, (ii) Intrusion Detection/Prevention (IDS/IPS) Systems and (iii) Network Behavior Analysis (NBA) Systems, also known as Network Behavior Anomaly Detection (NBAD) Systems. While all three have their own strengths and weaknesses, they complement each other to form a holistic network security strategy. However, whereas the first two are widely deployed and perceived as essential components, the third is not. This leaves the network vulnerable to zero-day attacks, unknown worms, internal threats and the like, and leaves operators lagging behind in overall traffic visibility, access policy decisions, security posture assessment and any reasonably sure confirmation of network security.
[Figure: Comprehensive Enterprise Network Security]

Unified bandwidth monitoring and zero-day security analytics

Bandwidth monitoring and traffic analysis on one hand, and network security analytics and behavior anomaly detection on the other, are interdependent and complementary by nature. NetFlow Analyzer, coupled with ASAM, unifies these complementary solutions to provide a holistic and reliable decision support system in a single user-friendly interface. While NetFlow Analyzer gives you in-depth visibility into your network traffic and bandwidth utilization, ASAM offers continuous network security monitoring and anomaly detection capabilities.
[Figure: Unified Traffic Analytics, one holistic view]

Advanced Security Analytics Module (ASAM)

Advanced Security Analytics Module is a network-flow-based security analytics and anomaly detection tool that helps detect zero-day network intrusions, using the Continuous Stream Mining Engine™ technology, and classifies the intrusions so that network security threats can be tackled in real time. ASAM offers actionable intelligence to detect a broad spectrum of external and internal security threats as well as continuous overall assessment of network security (Network Security screenshots).
[Figure: ASAM Technological Significance]
The Security Snapshot of ASAM displays a list of grouped threats/anomalies as problems; the problems are further categorized into three major problem classes (Bad Src-Dst, DDoS, Suspect Flows). The set of classes used for classifying problems, with a brief description of each, is given in the Problem Taxonomy. Pie charts and line graphs help the user grasp the overall network "security posture" at a glance. On further drill-down it displays a list of the individual events/anomalies belonging to a specific problem, with detailed information collated for closer investigation by the operator.
ASAM, offered as a simple add-on module of NetFlow Analyzer, leverages the underlying platform's agentless centralized data collection and forensic analysis capabilities to offer greater value. NetFlow Analyzer is a robust, scalable and proven platform offering bandwidth monitoring and unified traffic analytics.

Benefits of ASAM:

  • Centralized agentless traffic data collection, analysis and management
  • Seamless visibility into both external and internal security threats
  • Context-sensitive zero-day intrusion / anomaly detection capabilities
  • Continuous overall security posture assessment
  • Proactive feedback-driven access and traffic policy decisions
  • Actionable and real-time decision support system

Technical Capabilities:

  • High throughput & low latency Stream Processing
  • Asynchronous and parallel data processing
  • Rapid Rules Engine and flexible criteria profiles
  • Contextual resource modeling and problem heuristics
  • Advanced event correlation and mining algorithms

Features:

Auto Discard Flows
  • Whitelist specific flows for specific problems
  • Extensive flow filter configuration options
  • Consolidated Discard Filter configuration reporting

Event Troubleshoot Report
  • Ad-hoc forensic investigation and analysis
  • Groups flows for quickly discerning patterns
  • Segment flows by originating router

Custom Problem Management
  • Enable / Disable specific problems and algorithms
  • Focus on pertinent problems of interest

Auto Ignore Events
  • Whitelist specific resources for specific problems
  • Option to store ignored events for auditing
  • Consolidated Ignore Filter configuration reporting

Security Snapshot
This displays a list of grouped threats/anomalies as problems; the problems are further categorized into three major problem classes (Bad Src-Dst, DDoS, Suspect Flows).

Event List
The 'Event List' in ASAM lists, classifies and organizes all the events that might develop into attacks. ASAM also assigns a severity to each event, which lets you prioritize your actions.

Event Details
Event Details gives a thorough account of the problem. The details include network, port, protocol, TCP flags and much more. Clicking on the router name shows the mapped source and destination IP addresses along with the application, port, protocol and so on that were used. This report can be exported as a PDF or mailed with a single click.
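The pipeline these features describe, as an added illustration that is not ASAM's code and uses assumed heuristics rather than ASAM's actual algorithms: constructed flow records pass through an Auto Discard Flows whitelist, are classified into the three problem classes (Bad Src-Dst, DDoS, Suspect Flows) grouped by destination host, events on resources covered by an Auto Ignore Events filter are stored for auditing instead of displayed, and each problem receives a severity from its event count. The FLOWS records, thresholds and filter tables are all constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed flow records, not ASAM data: (src, dst, dst_port, proto, tcp_flags, packets)
FLOWS = [
    ("10.0.0.5", "10.0.1.20", 443, "tcp", "SA", 40),  # established session: ordinary traffic
    ("10.0.0.9", "10.0.1.20", 22, "tcp", "S", 1),     # lone SYN with no reply: suspect flow
    ("0.0.0.0", "10.0.1.20", 80, "tcp", "S", 3),      # unspecified source address: bad src
    ("10.0.0.7", "10.0.1.40", 3389, "tcp", "S", 1),   # suspect, but the resource is ignored
    ("10.0.0.9", "10.0.1.50", 22, "tcp", "S", 1),     # whitelisted by the discard filter
] + [(f"203.0.113.{i}", "10.0.1.30", 80, "tcp", "S", 2) for i in range(1, 41)]  # SYN flood
DISCARD_FLOWS = {("10.0.0.9", "10.0.1.50", 22)}   # Auto Discard Flows whitelist: (src, dst, port)
IGNORE_EVENTS = {("Suspect Flows", "10.0.1.40")}  # Auto Ignore Events whitelist: (problem, host)
DDOS_MIN_SOURCES = 25  # assumed threshold: distinct SYN sources hitting one destination

def _bad_address(addr):
    # Assumed Bad Src-Dst heuristic: addresses that should never appear in real traffic
    ip = ip_address(addr)
    return ip.is_unspecified or ip.is_loopback or ip.is_multicast or ip.is_reserved

def severity(events):
    # Assumed severity scale from the number of events grouped under one problem
    n = len(events)
    return "critical" if n >= 20 else "major" if n >= 5 else "minor"

def build_snapshot(flows, discard=DISCARD_FLOWS, ignore=IGNORE_EVENTS):
    """Return ({problem_class: {dst: {"events": [...], "severity": ...}}}, ignored_events)."""
    kept = [f for f in flows if f[:3] not in discard]  # discard filter runs before analysis
    syn_sources = defaultdict(set)
    for src, dst, _, proto, flags, _ in kept:
        if proto == "tcp" and flags == "S":
            syn_sources[dst].add(src)
    flooded = {d for d, s in syn_sources.items() if len(s) >= DDOS_MIN_SOURCES}
    grouped, ignored = defaultdict(lambda: defaultdict(list)), []
    for src, dst, port, proto, flags, pkts in kept:
        ev = dict(src=src, dst=dst, port=port, proto=proto, flags=flags, pkts=pkts)
        if _bad_address(src) or _bad_address(dst):
            cls = "Bad Src-Dst"
        elif dst in flooded and proto == "tcp" and flags == "S":
            cls = "DDoS"
        elif proto == "tcp" and flags == "S" and pkts <= 3:
            cls = "Suspect Flows"
        else:
            continue  # ordinary traffic produces no event
        if (cls, dst) in ignore:
            ignored.append((cls, ev))  # stored for auditing, not shown in the snapshot
        else:
            grouped[cls][dst].append(ev)
    return ({c: {d: {"events": e, "severity": severity(e)} for d, e in p.items()}
             for c, p in grouped.items()}, ignored)
```

Calling build_snapshot(FLOWS) yields one critical DDoS problem on 10.0.1.30, minor Bad Src-Dst and Suspect Flows problems on 10.0.1.20, and a single ignored event for 10.0.1.40.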