IT Security: Eliminating threats with effective network & log analysis
About ManageEngine
Product lines: IT Security Management, Network Performance Management, Server Performance Management, Application Performance Management, Desktop Management, Active Directory Management, IT Helpdesk
• Owned by Zoho Corporation
• 90,000+ customers worldwide
• 25+ IT management products
What is IT Security? 
• Deploying firewall & IDS 
• Adhering to compliance 
• Or more?
Various types of attack
• DDoS
• DoS
• Password cracking
• IP Spoofing
• Sniffers
• Privilege misuse
• Man-in-the-middle attacks
Why do security threats happen in spite of deploying firewall & IDS?
Firewall & IDS provide basic security. What they miss are advanced attacks such as DDoS, zero-day intrusions, etc.

Network Security System: Firewall
  Input data: Packet header
  Methodology: • Access policy enforcement • Simple interaction patterns
Network Security System: IDS
  Input data: Packet header & payload
  Methodology: • Detailed signature matching • Simple interaction patterns
Large enterprises & data centers need EXTRA SECURITY to prevent advanced attacks
Hackers exploit vulnerable networks
• BYOD & cloud computing make networks MORE VULNERABLE
• PC World: 70% of attacks happen due to internal vulnerabilities
DDoS – Distributed Denial of Service
• Flooding junk traffic
• Coordinated stream of requests
• Slows down network or app
DDoS – Distributed Denial of Service
• 77% targeted bandwidth & routing infrastructure
• 23% were application attacks
Misuse of privileges 
• Accessing critical resources 
• Should be identified in real-time
Nearly impossible to identify such attacks with a manual process
• Attacks usually follow patterns
• Starts as a breach/intrusion
• Develops into an attack
• The breach/intrusion should be found in real time
What is the need of the hour?
Advanced security protection 
Advanced Level 
Basic Level
Advanced security protection

Network Security System: Firewall
  Input data: Packet header
  Methodology: • Access policy enforcement • Simple interaction patterns
Network Security System: IDS
  Input data: Packet header & payload
  Methodology: • Detailed signature matching • Simple interaction patterns
Network Security System: Log Monitoring
  Input data: System and application log files
  Methodology: • Actions done on the device, file, and application
Network Security System: Flow Monitoring
  Input data: Flow from network devices
  Methodology: • Advanced interaction patterns & sessionization • Statistical analysis • Access & traffic policy monitoring
Automated tools come in handy
• Analyze flows from a security perspective
• Monitor logs for suspicious activities
Monitoring flows provides visibility into the network
• Flows provide information on traffic
• Easy to identify unnecessary or suspicious traffic
Monitoring packet flows
• Analyze exported flow records
• Identify unknown IPs sending requests
• Identify scan/probe, DDoS, bad source
• Change network configuration to block the offending traffic
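The flow-analysis step the two slides above describe can be expressed as a few counting heuristics over exported flow records. The following is an added example, not code from the deck or from any ManageEngine product: it defines its own minimal flow record, a constructed batch of sample flows, and assumed thresholds (the 10.0.0.0/8 "internal" range, 20 distinct ports for a probe, 50 distinct sources for a flood), and returns the findings a flow monitor would surface, including the list of source addresses an operator would consider blocking at the edge.

```python
"""Flow analysis from a security perspective (added example).

Runs simple detection heuristics over NetFlow-style records:
  * scan/probe: one source touching many distinct ports on one host
  * flood (DDoS-like): many distinct sources hammering one dst:port
  * unknown sources: flows whose source is outside the organisation's range
All flows and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str      # source address
    dst: str      # destination address
    dport: int    # destination port
    packets: int  # packets in the flow
    bytes: int    # bytes in the flow


# Assumption: 10.0.0.0/8 is the organisation's own address space.
INTERNAL = [ip_network("10.0.0.0/8")]

# Constructed sample flows (not captured from any real network).
SAMPLE_FLOWS = [
    # normal web traffic from two internal clients
    Flow("10.1.1.20", "10.0.0.5", 443, 40, 52000),
    Flow("10.1.1.21", "10.0.0.5", 443, 35, 47000),
    # probe: one external source, tiny flows to 25 different ports
    *[Flow("203.0.113.7", "10.0.0.5", p, 1, 60) for p in range(20, 45)],
    # flood: 60 distinct external sources hitting one service
    *[Flow(f"198.51.100.{i}", "10.0.0.9", 80, 500, 30000) for i in range(1, 61)],
]

# Assumed thresholds; a real deployment tunes these per network.
SCAN_PORT_THRESHOLD = 20      # distinct dst ports from one src to one dst
FLOOD_SOURCE_THRESHOLD = 50   # distinct sources to one dst:port
FLOOD_PACKET_THRESHOLD = 10_000


def is_external(addr):
    """True when the address is outside every INTERNAL network."""
    ip = ip_address(addr)
    return not any(ip in net for net in INTERNAL)


def detect_scans(flows, threshold=SCAN_PORT_THRESHOLD):
    """Return (src, dst) pairs where src touched >= threshold distinct ports."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    return sorted(pair for pair, p in ports.items() if len(p) >= threshold)


def detect_floods(flows, src_threshold=FLOOD_SOURCE_THRESHOLD,
                  pkt_threshold=FLOOD_PACKET_THRESHOLD):
    """Return (dst, dport) pairs hit by many sources with a high packet count."""
    sources = defaultdict(set)
    packets = defaultdict(int)
    for f in flows:
        key = (f.dst, f.dport)
        sources[key].add(f.src)
        packets[key] += f.packets
    return sorted(k for k in sources
                  if len(sources[k]) >= src_threshold and packets[k] >= pkt_threshold)


def external_sources(flows):
    """Distinct source addresses that are not in the organisation's range."""
    return sorted({f.src for f in flows if is_external(f.src)})


def analyse(flows):
    """Produce the findings a flow monitor would report for one batch."""
    scans = detect_scans(flows)
    floods = set(detect_floods(flows))
    # candidates for an edge block rule: scanners plus flood participants
    block = {src for src, _ in scans}
    block |= {f.src for f in flows if (f.dst, f.dport) in floods}
    return {
        "scans": scans,
        "floods": sorted(floods),
        "external_sources": external_sources(flows),
        "block_candidates": sorted(block),
    }


if __name__ == "__main__":
    for name, value in analyse(SAMPLE_FLOWS).items():
        print(f"{name}: {value if len(value) < 6 else f'{len(value)} entries'}")
```

The point of keying the flood detector on (dst, dport) and the scan detector on (src, dst) is that the same raw records answer both questions; the monitor only has to keep per-key sets and counters, which is what makes this feasible in real time where manual review is not.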
Logs help find suspicious behavior
• Logs record all activities done on devices (servers)
• Patterns can be identified from logs
• Action can be taken
System & Application Log Monitoring
• All applications & systems generate logs
• Monitor such logs for suspicious messages, error codes, etc.
Instant alerting
• Advanced tools check for patterns out of the box
• Raise an alert instantly
• Customizable to every business's needs
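The three slides above (logs record activity, patterns are found in them, alerts fire instantly and rules are customizable) together describe a rule-driven log monitor. Here is an added example of one, written for this page rather than taken from the deck or from any product: the syslog-like line format, the rule definitions, the thresholds and the sample log lines are all constructed assumptions. Each rule is a regular expression plus an optional per-key threshold over a time window, so a single failed login is ignored while five from one source inside a minute raises an alert, and each alert carries the triggering line for later forensic review.

```python
"""Log monitoring with customizable pattern rules (added example).

Each Rule pairs a regex with a threshold and window; hits are counted
per key (for example per source address) and an alert fires the moment
the threshold is reached.  Log format, rules and sample lines are
constructed for illustration.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample lines in an assumed "<iso-timestamp> <host> <proc>[pid]: <msg>" format.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 srv1 sshd[1201]: Failed password for root from 203.0.113.9 port 51022 ssh2
2024-03-01T10:00:03 srv1 sshd[1201]: Failed password for root from 203.0.113.9 port 51023 ssh2
2024-03-01T10:00:04 srv1 sshd[1201]: Failed password for admin from 203.0.113.9 port 51024 ssh2
2024-03-01T10:00:06 srv1 sshd[1201]: Failed password for admin from 203.0.113.9 port 51025 ssh2
2024-03-01T10:00:07 srv1 sshd[1201]: Failed password for oracle from 203.0.113.9 port 51026 ssh2
2024-03-01T10:00:09 srv1 sshd[1201]: Accepted password for oracle from 203.0.113.9 port 51027 ssh2
2024-03-01T10:05:00 srv1 sudo: jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/cat /etc/shadow
2024-03-01T10:30:00 srv2 sshd[1300]: Failed password for alice from 10.1.1.20 port 40000 ssh2
2024-03-01T10:30:10 srv2 sshd[1300]: Accepted password for alice from 10.1.1.20 port 40001 ssh2
2024-03-01T11:00:00 app1 webapp: status=500 path=/checkout err=DBConnectionRefused
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")


@dataclass
class Rule:
    name: str
    pattern: "re.Pattern"
    key: Optional[str] = None          # regex group used to count per key; host if None
    threshold: int = 1                 # hits within the window needed to alert
    window: timedelta = timedelta(seconds=60)


@dataclass
class Alert:
    rule: str
    key: str
    host: str
    when: datetime
    evidence: str                      # the line that tipped the rule over


# Assumed rule set; a business tunes names, patterns and thresholds.
RULES = [
    Rule("ssh-brute-force",
         re.compile(r"Failed password for \S+ from (?P<src>\S+)"),
         key="src", threshold=5, window=timedelta(seconds=60)),
    Rule("privileged-read-of-shadow",
         re.compile(r"sudo: (?P<user>\S+) : .*USER=root ; COMMAND=.*/etc/shadow")),
    Rule("app-server-error", re.compile(r"status=5\d\d")),
]


def monitor(lines, rules=RULES) -> List[Alert]:
    """Stream lines through the rules; return alerts in the order they fire."""
    alerts = []
    history = defaultdict(deque)   # (rule, key) -> timestamps inside the window
    fired = set()                  # alert once per (rule, key) to avoid flooding
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue               # unparseable line: skipped, not silently matched
        ts = datetime.fromisoformat(m["ts"])
        for rule in rules:
            hit = rule.pattern.search(line)
            if not hit:
                continue
            key = hit.group(rule.key) if rule.key else m["host"]
            q = history[(rule.name, key)]
            q.append(ts)
            while q and ts - q[0] > rule.window:
                q.popleft()        # drop hits that fell out of the window
            if len(q) >= rule.threshold and (rule.name, key) not in fired:
                fired.add((rule.name, key))
                alerts.append(Alert(rule.name, key, m["host"], ts, line))
    return alerts


if __name__ == "__main__":
    for a in monitor(SAMPLE_LOGS.splitlines()):
        print(f"{a.when.isoformat()} {a.rule} key={a.key} host={a.host}")
        print(f"    evidence: {a.evidence}")
```

On the sample input this yields three alerts: the brute-force rule fires on the fifth failure from 203.0.113.9 (the lone failure from 10.1.1.20 never reaches the threshold), the sudo rule fires immediately because its threshold is one, and the application rule catches the 5xx status. Keeping the window bounded with a deque is what lets the same logic run continuously on a live stream rather than only over a file after the fact.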
Security reports 
• Forensic analysis 
• Trend analysis 
• Compliance
Summary
• Advanced security analysis is needed
• Difficult with a manual process
• Need tools with automation
Thank you 
bharanikumar@manageengine.com