ADM Functionality
ADM monitors the network to detect attacks directed at an organisation's assets. Its primary function is to detect intrusions into the system by analysing and monitoring logs, verifying the netflow, and deploying multiple assessments to distinguish legitimate logs from malicious logs without disrupting operational continuity.
Real time attack detection
ADM identifies attacks in real time by providing netflow data, such as source and destination IP addresses, port addresses and IP protocols, to RSEM, and traces the activities of malicious logs. Analysis of the netflow also enables security analysts to identify the other assets the malicious logs probed before attacking a particular asset, and thus to determine the extent and intention of the attack.
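The pivot described above (finding which other assets a flagged source touched before the alert) can be sketched as follows. This is an added example, not ADM or RSEM code; the flow record layout, the function names and the sample flows are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed flow records (not real traffic): time, src, dst, dst port, protocol
FLOWS = """\
2024-05-01T10:00:02 203.0.113.7 10.0.0.5 22 tcp
2024-05-01T10:00:03 203.0.113.7 10.0.0.5 445 tcp
2024-05-01T10:00:09 198.51.100.20 10.0.0.8 443 tcp
2024-05-01T10:01:15 203.0.113.7 10.0.0.8 22 tcp
2024-05-01T10:02:40 203.0.113.7 10.0.0.12 3389 tcp
2024-05-01T10:05:00 203.0.113.7 10.0.0.12 3389 tcp
2024-05-01T10:06:30 203.0.113.7 10.0.0.9 80 tcp
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines (hypothetical format) into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append({"time": datetime.fromisoformat(ts), "src": src,
                      "dst": dst, "dport": int(dport), "proto": proto})
    return flows

def assets_probed_before(flows, source, target, alert_time):
    """Other assets `source` contacted before the alert on `target`.

    Returns [(dst, first_seen, sorted [(proto, port), ...])] in order of
    first contact, so the analyst sees the path taken through the network.
    """
    seen = {}
    for f in sorted(flows, key=lambda f: f["time"]):
        if f["src"] != source or f["dst"] == target:
            continue  # different source, or the asset already under alert
        if f["time"] >= alert_time:
            continue  # only activity that preceded the alert
        entry = seen.setdefault(f["dst"], {"first": f["time"], "ports": set()})
        entry["ports"].add((f["proto"], f["dport"]))
    return [(dst, e["first"], sorted(e["ports"])) for dst, e in seen.items()]

if __name__ == "__main__":
    alert = datetime.fromisoformat("2024-05-01T10:05:00")
    hits = assets_probed_before(parse_flows(FLOWS), "203.0.113.7",
                                "10.0.0.12", alert)
    for dst, first, ports in hits:
        print(dst, first.isoformat(), ports)
```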
DDoS prevention
ADM uses its traffic anomaly detection feature to detect distributed denial-of-service (DDoS) attacks on an organisation's network. Working in sync with the RSEM, it correlates behavioural patterns of the attacks identified and logged in the CSIEM engine and detects the attack. ADM compares against regular network traffic and monitors any flow deviation to detect invalid service requests, which helps maintain traffic equilibrium and hence prevents the network from crashing.
Worm shielding
ADM's worm detection engine identifies worms that seek unauthorised entry into the host network by embedding themselves as executable files in emails directed to the host network. It thus nullifies the harm these malicious worms would cause to the network.
Resources
Benefits of using CNAM
A short write-up on the benefits of the CNAM Security Suite
Quick Intro to CNAM
Brief 4 slider introduction to CNAM
Effective Detection Strategies
Drives through most available options in the detection space.


