![Page 1: IT Security: Eliminating threats with effective network & log analysis](https://reader031.vdocuments.net/reader031/viewer/2022012916/5576322ad8b42a015c8b4bd1/html5/thumbnails/1.jpg)
IT Security: Eliminating threats with effective network & log analysis
About ManageEngine
IT Security Management
Server Performance Management
Application Performance Management
Network Performance Management
Desktop Management
Active Directory Management
IT Helpdesk
• Owned by Zoho Corporation
• 90,000+ customers worldwide
• 25+ IT management products
What is IT Security?
• Deploying firewall & IDS
• Adhering to compliance
• Or more?
Various types of attack
• DDoS
• IP spoofing
• Sniffers
• DoS
• Password cracking
• Privilege misuse
• Man-in-the-middle attacks
Why do security threats happen in spite of deploying a firewall & IDS?
Firewall & IDS provide basic security
What they miss is detecting advanced attacks such as DDoS, zero-day intrusions, etc.

| Network Security System | Input data | Methodology |
| --- | --- | --- |
| Firewall | Packet header | Access policy enforcement; simple interaction patterns |
| IDS | Packet header & payload | Detailed signature matching; simple interaction patterns |
Large enterprises & data centers need EXTRA SECURITY to prevent advanced attacks
Hackers exploit vulnerable networks
• BYOD & cloud computing make networks MORE VULNERABLE
• PC World: 70% of attacks happen due to internal vulnerabilities
DDoS – Distributed Denial of Service
• Flooding junk traffic
• Coordinated stream of requests
• Slows down network or app
DDoS – Distributed Denial of Service
77% targeted bandwidth & routing infrastructure
23% were application attacks
Misuse of privileges
• Accessing critical resources
• Should be identified in real time
Practically impossible to identify such attacks with a manual process
• Attacks usually follow patterns
• Starts as a breach/intrusion
• Develops into an attack
• The breach/intrusion should be found in real time
What is the need of the hour?
Advanced security protection
Basic Level
Advanced Level
Advanced security protection
| Network Security System | Input data | Methodology |
| --- | --- | --- |
| Firewall | Packet header | Access policy enforcement; simple interaction patterns |
| IDS | Packet header & payload | Detailed signature matching; simple interaction patterns |
| Log Monitoring | System and application log files | Actions done on the device, file, and application |
| Flow Monitoring | Flows from network devices | Advanced interaction patterns & sessionization; statistical analysis; access & traffic policy monitoring |
Automated tools come in handy
• Analyse flows from a security perspective
• Monitor logs for suspicious activities
Monitoring flows provides visibility into the network
• Flows provide information on traffic
• Easy to identify unnecessary or suspicious traffic
Monitoring packet flows
• Analyze exported flow records
• Identify anonymous IPs sending requests
• Identify scans/probes, DDoS, bad sources
• Change network configuration to block anonymous traffic
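The flow-analysis steps on the last two slides (analyze exported flows, spot scans/probes and floods, flag known bad sources, derive a block list) can be shown as a small detector over flow records. The code below is an added example, not code from the slides or from ManageEngine; it works on constructed NetFlow-style records embedded inline, and the thresholds, the blocklist contents and the addresses are all assumptions chosen for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One exported flow record: NetFlow/IPFIX-style tuple plus counters."""
    src: str
    dst: str
    dport: int
    proto: str
    packets: int
    octets: int


def build_sample_flows():
    """Constructed sample export (not real traffic) mixing normal and bad flows."""
    flows = []
    # Normal traffic: one internal client talking to an internal web server.
    for _ in range(4):
        flows.append(Flow("10.0.0.5", "10.0.0.10", 443, "tcp", 120, 90000))
    # Scan/probe: one external source touches 15 distinct ports on one host.
    for port in range(1, 16):
        flows.append(Flow("203.0.113.5", "10.0.0.10", port, "tcp", 1, 60))
    # Flood: 25 distinct sources hammer one service with many small packets.
    for i in range(1, 26):
        flows.append(Flow(f"192.0.2.{i}", "10.0.0.20", 80, "tcp", 500, 30000))
    # A single flow from a source that is on the (hypothetical) blocklist.
    flows.append(Flow("198.51.100.7", "10.0.0.10", 22, "tcp", 3, 200))
    return flows


BAD_SOURCES = {"198.51.100.7"}   # hypothetical reputation blocklist
SCAN_PORT_THRESHOLD = 10         # distinct ports per (src, dst) pair
FLOOD_SOURCE_THRESHOLD = 20      # distinct sources per (dst, port) service


def detect_scans(flows, threshold=SCAN_PORT_THRESHOLD):
    """A scan/probe: one source touching many distinct ports on one host."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= threshold}


def detect_floods(flows, threshold=FLOOD_SOURCE_THRESHOLD):
    """A DDoS-style flood: many distinct sources converging on one service."""
    sources = defaultdict(set)
    for f in flows:
        sources[(f.dst, f.dport)].add(f.src)
    return {svc: len(s) for svc, s in sources.items() if len(s) >= threshold}


def detect_bad_sources(flows, blocklist=BAD_SOURCES):
    """Any flow whose source is already on the blocklist."""
    return sorted({f.src for f in flows if f.src in blocklist})


def analyze(flows):
    """Turn the three detections into alert lines, as an alerting tool would."""
    alerts = []
    for (src, dst), n in sorted(detect_scans(flows).items()):
        alerts.append(f"SCAN src={src} dst={dst} distinct_ports={n}")
    for (dst, port), n in sorted(detect_floods(flows).items()):
        alerts.append(f"FLOOD dst={dst}:{port} distinct_sources={n}")
    for src in detect_bad_sources(flows):
        alerts.append(f"BAD_SOURCE src={src}")
    return alerts


def sources_to_block(flows):
    """Candidate entries for a blocking ACL: scanning and blocklisted sources."""
    scanners = {src for (src, _dst) in detect_scans(flows)}
    return sorted(scanners | set(detect_bad_sources(flows)))


if __name__ == "__main__":
    sample = build_sample_flows()
    for line in analyze(sample):
        print(line)
    print("block candidates:", sources_to_block(sample))
```

In production the same counters would be kept per time window (for example per five-minute export interval) rather than over the whole record set, so that a slow scan spread over days and a burst of 25 sources in one second are judged against the right baseline; the thresholds here are deliberately simple so the logic stays visible.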
Logs help find suspicious behavior
• Logs record all activities done on devices (servers)
• Patterns can be identified from logs
• Action can be taken
System & Application Log Monitoring
• All applications & systems generate logs
• Monitor such logs for suspicious messages, error codes, etc.
Instant alerting
• Advanced tools check for known patterns out of the box
• Raise alerts instantly
• Customizable to every business's needs
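The log-monitoring and alerting slides above (logs record activity, patterns can be identified, alerts are raised on them) and the earlier privilege-misuse slide (access to critical resources should be caught in real time) can be tied together in one pattern-matching detector. The code below is an added example, not code from the slides or from ManageEngine; it parses constructed syslog-style lines embedded inline and raises two kinds of alert: a burst of failed logins from one source, and sudo use by a non-approved user or against a critical path. The log lines, host and user names, the approved-user set, the critical paths and the thresholds are all assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog-style sample (no real host, users or addresses).
SAMPLE_LOG = """\
Mar 10 09:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 50211 ssh2
Mar 10 09:00:03 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 50212 ssh2
Mar 10 09:00:04 web01 sshd[1201]: Failed password for root from 203.0.113.9 port 50213 ssh2
Mar 10 09:00:06 web01 sshd[1201]: Failed password for root from 203.0.113.9 port 50214 ssh2
Mar 10 09:00:07 web01 sshd[1201]: Failed password for root from 203.0.113.9 port 50215 ssh2
Mar 10 09:05:00 web01 sshd[1300]: Accepted password for alice from 10.0.0.5 port 41000 ssh2
Mar 10 09:06:12 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar 10 09:07:30 web01 sudo:      ops : TTY=pts/1 ; PWD=/home/ops ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 10 10:00:00 web01 sshd[1400]: Failed password for bob from 10.0.0.6 port 42000 ssh2
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
FAILED_RE = re.compile(TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")
SUDO_RE = re.compile(TS + r" \S+ sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")

FAILED_LOGIN_THRESHOLD = 5                        # failures from one source ...
WINDOW_SECONDS = 60                               # ... within this sliding window
CRITICAL_PATHS = ("/etc/shadow", "/etc/sudoers")  # hypothetical critical resources
APPROVED_SUDO_USERS = {"ops"}                     # hypothetical approved operators


def parse_ts(text):
    """Syslog timestamps carry no year; only differences are used, so that is fine here."""
    return datetime.strptime(text, "%b %d %H:%M:%S")


def detect_bruteforce(lines, threshold=FAILED_LOGIN_THRESHOLD, window=WINDOW_SECONDS):
    """Map source -> max number of failed logins seen inside any window of `window` seconds."""
    failures = defaultdict(list)
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            failures[m["src"]].append(parse_ts(m["ts"]))
    hits = {}
    for src, stamps in failures.items():
        stamps.sort()
        best, j = 0, 0
        for i, t in enumerate(stamps):          # two-pointer sliding window
            while (t - stamps[j]).total_seconds() > window:
                j += 1
            best = max(best, i - j + 1)
        if best >= threshold:
            hits[src] = best
    return hits


def detect_privilege_misuse(lines, approved=APPROVED_SUDO_USERS, critical=CRITICAL_PATHS):
    """List (user, command) for sudo use by a non-approved user or touching a critical path."""
    findings = []
    for line in lines:
        m = SUDO_RE.match(line)
        if not m:
            continue
        user, cmd = m["user"], m["cmd"].strip()
        touches_critical = any(p in cmd for p in critical)
        if user not in approved or touches_critical:
            findings.append((user, cmd))
    return findings


def analyze(log_text):
    """Run both detectors over a log and return alert lines ready to be raised."""
    lines = log_text.splitlines()
    alerts = []
    for src, n in sorted(detect_bruteforce(lines).items()):
        alerts.append(f"BRUTE_FORCE src={src} failures={n} window={WINDOW_SECONDS}s")
    for user, cmd in detect_privilege_misuse(lines):
        alerts.append(f"PRIVILEGE_MISUSE user={user} cmd={cmd}")
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Bob's single failure and the approved operator's service restart produce no alert, which is the point of the thresholds and the approved-user set: the "customizable to every business's needs" slide is exactly these constants, which a real deployment tunes per host role. For real-time alerting the same functions would be fed line by line from a log forwarder instead of from a string.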
Security reports
• Forensic analysis
• Trend analysis
• Compliance
Summary
• Advanced security analysis is needed
• Difficult with a manual process
• Need tools with automation