Collaboration

The CNAM Security Suite comes with a built-in collaboration module that allows customers to constantly watch and mitigate their threats based on external intelligence made available by the service. CNAM has a very versatile trending engine that processes information across customer locations and CNAM's decoy network. As a result of this process, CNAM is able to provide a credible intelligence stream to its customers that helps them recognize the threat environment and react accordingly.

CNAM imports open source attacker intelligence from the Internet and validates each event entry against the local intelligence stream made available from the umbrella network. Thereby all customers under the CNAM umbrella network enjoy direct access to a consolidated intelligence stream available on the Internet.

The CNAM umbrella network

CNAM seamlessly monitors a large network of devices across customers in real time. This information is correlated, processed and summarized at an organizational level. All information received by the umbrella network is historically trended using data sampling algorithms to identify trends in attacks, attackers, malware, infected networks, and command and control networks. This information is used as intelligence and provided to customer networks to track real-time activity and respond to critical incidents. The following are the key benefits of the CNAM umbrella network:

  • Historical analysis of attacks: the umbrella network constantly processes attack summaries to extract historical trends and identify specific areas of intelligence that may be critical for attack detection and evasion
  • Cross-site intelligence provides customers with insight into attacks, attackers, malware and infected networks that have been identified based on collaborative feeds available from the umbrella network
  • Domain-specific intelligence provides relevant intelligence to customers; for instance, a bank would benefit from intelligence extracted from the banking partners of the umbrella network
  • Automated implementation allows customers to stop worrying about immediate implementation of intelligence feeds, which is a logistical nightmare, as CNAM automatically pushes relevant feeds into the detection process

Absorbing the feed overload

The Internet is home to a large number of research organizations that track malicious activity across the World Wide Web. Such organizations routinely provide extremely credible intelligence that enterprises can use to recognize threats and prevent the resulting attacks. Some of the great research organizations have a large amount of community participation that allows them to generate accurate attack trends; on the other hand, some researchers are funded and have access to large traffic ISP infrastructure to measure and trend attacks.

For the enterprise, however, implementing this information along with remediation action is a logistical nightmare, as the various intelligence streams do not follow the same protocol and the end security devices are not compatible with these feeds. Often enterprises are required to perform manual remediation, which is typically the break point in the security process.

The CNAM Security Suite provides direct connectors with all the community research organizations

Resources

Benefits of using CNAM
A short write-up on the benefits of the CNAM Security Suite

Quick Intro to CNAM
Brief 4 slider introduction to CNAM

Effective Detection Strategies
Drives through most available options in the detection space.