CNAM

Comprehensive Network Attack Monitoring (CNAM) provides a tight integration of technologies, tools, people and processes to minutely monitor the threat landscape around critical assets of an organization. CNAM, is an efficient, quickly deployable and cost effective solution for guarding your IT system against hackers, bots and more such ever increasing threats. The service offers round-the-clock monitoring, real-time detection and total prevention of harmful intrusions, that threaten your information security and hence – your business.

CNAM comes to you as a business-friendly service that doesn’t require complex hardware installations, and high-cost application licenses. Ranging from just system deployment to even engaging trained and dedicated team, the service is scalable to match your resource availability and precise requirement.

CNAM delivers

  • Heavily researched detection technology that powers an automated engine which propels attackers and anomalies to the handlers screen for action
  • Collaborative intelligence provides decision support with real-time threat perspectives from networks being monitored by CNAM and open source security threat information available on a continuous basis.
  • Integrated security services identifies threats and manages insecurities 24 x 7, as against a monday morning review that kills the essence of active response to attacks
  • Highly skilled security partners who are trained to provide accurate analysis only on cases that CNAM labels suspicious, thereby enabling customers to reduce the rate of false negatives on attacks
  • Software-as-a-Service allows you to take on the service on a pay per use basis, and without investing in hardware, software or people

CNAM Security Suite, Includes

  • Enterprise Risk Manager provides a real-time console for asset, vulnerability, attack and compliance reporting and monitoring console. ERM integrates all product options under the CNAM Security Suite
  • Real-time Attack Monitoring delivers the correlation and collaboration infrastructure for active attacker detection across enterprise locations
  • Real-time Compliance Monitoring provides a detailed compliance audit and reporting infrastructure for servers, devices and applications

Active attacker detection: The Process

CNAM involves a distributed network of components that start at security event collection and stretch up to providing automated advisories identifying anomalous attacker trends. This process is better defined in the points below:

  • Integrated intrusion detection engines use various technologies to detect known attacks, anomalies in traffic flows, worm outbreaks and also recognize unknown trends in traffic
  • Local event aggregation collects log events from network devices, security devices, servers, applications and translates, normalizes and prioritizes the requisite information
  • Multi-level correlation processes events from multiple devices by partitioning them into multiple log domains and identifies all suspicious activity
  • Multi-site correlation seamlessly links up and processes information across multiple sites of an organization and provides a consolidated feed of attacker information
  • Attack intelligence and collaboration identifies trends that are within the same time window, across organizations and provides credible threat intelligence advisories with a clear response mechanism.
  • Managed SOC CNAM's Managed Security Service Providers (MSSP) partners or customer's security response teams review the automated detail and respond thereby freezing all attacker sessions

Quick Links

Resources

Benefits of using CNAM
A short write-up on the benefits of the CNAM Security Suite

Quick Intro to CNAM
Brief 4 slider introduction to CNAM

Effective Detection Strategies
Drives through most available options in the detection space.