With the Advanced Security Analytics Module (ASAM) in NetFlow Analyzer, a security analyst's job on a network becomes much easier. This blog helps you understand the requirements for security analytics on a network and how ASAM helps you identify network security loopholes.
What is ASAM?
ASAM is a flow-based security analytics and anomaly detection tool that helps detect zero-day network intrusions using Continuous Stream Mining Engine technology.
It classifies intrusions to tackle network security threats in real time and has the intelligence to detect a broad spectrum of external and internal security threats.
Benefits of using ASAM:-
- Uses the same NetFlow and sFlow packets already exported from the devices.
- Centralized, agentless traffic data collection, analysis and management
- Deeper visibility into both external and internal security threats
- Zero-day intrusion / anomaly detection capabilities
- Continuous overall security assessment of a network
- Real-time analysis of security threats.
- Non-signature-based security analytics tool.
- Capable of detecting threats that can get past the IDS or firewall
- No extra hardware required for implementation; it is integrated with the existing traffic monitoring tool.
Use case:-
Here is the situation on the network: malware sitting on a couple of PCs, or in some portion of an internal network segment, is causing a SYN flood (DoS attack). A network without a flow-based traffic and security analytics tool might face a huge task in identifying this threat. A network running ManageEngine NetFlow Analyzer with the ASAM module, facing the same situation, will easily find the infected system or segment and take the necessary action to remove the malware.
How does ASAM help in this situation?
Assume that the infected PCs or network segments (groups of PCs) are connected to a core layer 3 switch that is currently being monitored in NetFlow Analyzer using NetFlow export. The administrator notices a sudden huge spike on the traffic graphs for a particular port and suspects that it might be a security threat.
He now uses the ASAM module to check whether there is any threat on this particular device.
For easier analysis he uses resource-based security threat analysis. The resource-based analysis snapshot shows which particular router, source network, source IP, destination network and destination IP has the highest number of events. This snapshot helps the administrator drill down easily to the problematic network segment and find the offenders. Once the list of offender IPs is extracted, the network administrator can identify the PCs and remove the malware using an antivirus tool, or disconnect the infected PCs from the network.
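As an added illustration of the drill-down described above (example code, not part of NetFlow Analyzer or the ASAM engine), the following Python snippet counts SYN-only flows per source IP, per source /24 network and per destination over constructed flow records, and flags any source above a threshold as a SYN-flood offender. The record shape, the threshold of 50 flows and the sample addresses are assumptions.

```python
import ipaddress
from collections import Counter

SYN, ACK = 0x02, 0x10  # standard TCP flag bits as carried in a NetFlow record's tcp_flags field

def make_sample_flows():
    """Constructed flow records (not real capture data) in a simplified NetFlow-like shape."""
    flows = []
    # Healthy host: completed TCP sessions carry both SYN and ACK in the flow's cumulative flags.
    for _ in range(20):
        flows.append({"src": "10.1.1.5", "dst": "203.0.113.10", "dport": 443,
                      "proto": 6, "flags": SYN | ACK, "packets": 40})
    # Infected host: many single-packet SYN-only flows to one target, the SYN flood pattern.
    for _ in range(120):
        flows.append({"src": "10.1.2.17", "dst": "203.0.113.10", "dport": 80,
                      "proto": 6, "flags": SYN, "packets": 1})
    # Neighbour with a few failed connections: SYN-only, but far below the threshold.
    for _ in range(3):
        flows.append({"src": "10.1.2.18", "dst": "203.0.113.11", "dport": 22,
                      "proto": 6, "flags": SYN, "packets": 1})
    return flows

def is_syn_only(flow):
    """TCP flow whose SYN bit is set but whose ACK bit never was: a handshake that never completed."""
    return flow["proto"] == 6 and bool(flow["flags"] & SYN) and not (flow["flags"] & ACK)

def resource_snapshot(flows, min_syn_flows=50, prefix_len=24):
    """Resource-based view: SYN-only flow counts per source IP, source network and destination.
    Sources at or above min_syn_flows are reported as offenders (threshold is an assumption)."""
    per_src, per_src_net, per_dst = Counter(), Counter(), Counter()
    for f in flows:
        if not is_syn_only(f):
            continue
        per_src[f["src"]] += 1
        net = ipaddress.ip_network(f"{f['src']}/{prefix_len}", strict=False)
        per_src_net[str(net)] += 1
        per_dst[f"{f['dst']}:{f['dport']}"] += 1
    offenders = {ip: n for ip, n in per_src.items() if n >= min_syn_flows}
    return {"offenders": offenders,
            "source_networks": dict(per_src_net),
            "destinations": dict(per_dst)}

if __name__ == "__main__":
    snap = resource_snapshot(make_sample_flows())
    for key in ("source_networks", "offenders", "destinations"):
        print(key, snap[key])
```

The source-network counter points at 10.1.2.0/24 as the segment to drill into, and the offender list singles out 10.1.2.17 while leaving the neighbour with three failed connections alone.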
You can download the 30-day trial of ManageEngine NetFlow Analyzer from here.
Reach us on Facebook at NetFlow Analyzer TAC
Catch up with the latest updates in the industry through our LinkedIn community, Bandwidth Monitoring and Traffic Analysis for Enterprises.
Praveen Kumar