Detection
Incident detection is a process that includes the detection of attacks, the collection of cross-platform event information and, finally, the prioritization of the detected attacks. To implement a successful incident management system, enterprises have to maintain tight control over their detection systems and ensure those systems stay in sync with the correlation engines. CNAM supports its customers through the entire process of incident detection and management by providing managed intrusion detection, event correlation and incident management as part of the CNAM Security Suite.
High net-worth technologies for detection
Detection technologies to date are largely limited to firewalls and intrusion detection systems acting as the primary whistle-blower for attacks. Since attacks originating from the Internet mutate all the time, detection tools have to constantly validate their technology and/or add new tools to detect and prevent attacks. The network security space requires multiple tools, and interaction between them, to detect attacks accurately. CNAM implements several tools of this kind: each is easy to deploy and performs a focused task, yet provides the high-value information required for accurate detection of attacks.
Each CNAM deployment includes a managed Integrated Detection Device (IDD) that implements several technologies supporting the central intelligence engine in detecting attacks. The following is a breakdown of some of the detection engines in the IDD:
- Intrusion Detection System is a signature based detection engine deployed using signatures custom to the environment
- Traffic Anomaly Engine identifies anomalous events in traffic patterns to detect scans, floods, etc.
- Flow Monitoring identifies scans and logs illegal connection attempts
- Worm Detection provides detection of 0day worm outbreaks using the CNAM umbrella network
- Decoy Detection System identifies valid attackers by implementing OS and application decoys
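As an added illustration of the kind of logic a flow-monitoring and traffic-anomaly engine applies (example code written for this page, not CNAM's own IDD implementation, which the page does not show): constructed flow records are checked for a source touching many ports on one host (vertical port scan), one port on many hosts (horizontal sweep), and a target receiving a burst of flows inside a short window (flood). All thresholds and sample addresses are assumed values.

```python
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    ts: float      # timestamp in seconds (constructed)
    src: str
    dst: str
    dport: int
    packets: int

# Constructed sample flows: a 40-port scan, a 500-flow burst on one service, and normal traffic.
SAMPLE_FLOWS = (
    [Flow(100 + i, "10.0.0.5", "10.0.1.20", 1 + i, 1) for i in range(40)]            # port scan
    + [Flow(200 + i * 0.002, "10.0.0.9", "10.0.1.30", 80, 1) for i in range(500)]    # flood
    + [Flow(300, "10.0.0.7", "10.0.1.40", 443, 120), Flow(301, "10.0.0.7", "10.0.1.41", 22, 30)]
)

def detect_scans(flows, port_threshold=20, host_threshold=20):
    """Return sorted alerts: (kind, src, detail). Assumed thresholds on distinct ports/hosts."""
    ports_per_pair = defaultdict(set)   # (src, dst)   -> {dport}
    hosts_per_port = defaultdict(set)   # (src, dport) -> {dst}
    for f in flows:
        ports_per_pair[(f.src, f.dst)].add(f.dport)
        hosts_per_port[(f.src, f.dport)].add(f.dst)
    alerts = set()
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= port_threshold:            # vertical scan: many ports on one host
            alerts.add(("port_scan", src, dst))
    for (src, dport), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:            # horizontal sweep: one port on many hosts
            alerts.add(("host_sweep", src, str(dport)))
    return sorted(alerts)

def detect_floods(flows, window=1.0, rate_threshold=200):
    """Return sorted (dst, dport) targets that receive >= rate_threshold flows in any sliding window."""
    by_target = defaultdict(list)
    for f in flows:
        by_target[(f.dst, f.dport)].append(f.ts)
    alerts = []
    for target, times in by_target.items():
        times.sort()
        start = 0
        for end in range(len(times)):               # slide the window start forward as needed
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= rate_threshold:
                alerts.append(target)
                break
    return sorted(alerts)
```

The scan detector keys on distinct targets rather than raw flow counts, so a busy but legitimate client does not trip it; the flood detector keys on rate per target, which is what distinguishes a burst from ordinary sustained traffic.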
Root Cause: Detection Failure
Enterprise networks are constantly trying to improve their security infrastructure; this is commonly done by investing in newer technologies and delivery models. This constant growth of infrastructure is required to keep up with the latest threat arenas created by attackers. However, the most common cause of a complete compromise is often cited as "Detection Failure", and the most common reason for detection failure is not ineffective technology but ineffective management.
CNAM enables organisations to consolidate their existing security investments and leverage existing technologies to deliver high-quality threat detection. The common perception that cutting-edge threats need cutting-edge technologies is often flawed; on the contrary, rudimentary security infrastructure can make an impregnable security setup, provided it is managed effectively.
Attack detection, a step forward
The CNAM solution goes the extra mile to participate in the detection of attacks on all customer networks. Unlike existing security management systems, CNAM actively participates in attack detection by deploying highly customized solutions that are capable of detecting attacks across threat families. These detection devices are manually configured and tuned to customer preferences and the underlying applications. To sustain consistent quality, CNAM deploys via a process-driven system that enables the technology, the support staff and the partners to cooperate seamlessly.
Resources
Benefits of using CNAM
A short write-up on the benefits of the CNAM Security Suite
Quick Intro to CNAM
A brief four-slide introduction to CNAM
Effective Detection Strategies
Walks through most of the available options in the detection space.