Internet Facing Networks

In today's world, information is power. However, power is easily misused when it is not in the right hands. Back-door entry into a network is one such situation, and it can have unimaginable ramifications. Internet facing infrastructures and enterprise verticals such as Business to Consumer Portals, Business to Business Portals, Enterprise Portals, Critical Informative Portals, Corporate Web sites, etc. are the most vulnerable targets for such attacks and face a constant threat from intruders with malicious intent. Securing the networks of such portals is an uphill task and often involves installing multiple layers of security. However, the network security devices installed in such portals leave the organization with the challenge of breaking up and analyzing the logs generated by these multiple security devices, then identifying and filtering the real bugs from the false positives, and then taking corrective action. The absence of a common thread between the various IPS and IDS installed at multiple levels in such network portals is thus the biggest obstacle to objective and active troubleshooting of threats to network security.

CNAM, with its unique correlation logic, enables the Security Operations of an enterprise to monitor, correlate and analyze data throughout the network on a single console. CNAM's correlation engine provides the much needed power to cross-correlate raw logs with pre-processed information. This allows users to identify detected attackers by establishing a correlation pattern between open source security feeds and network level activity. Users can also act on the freely available information surfaced by the correlation engine to ensure a more secure network. The correlation engine used by CNAM is flexible enough to fit the requirements of the varied network layouts of different set-ups, and it can easily be scaled up to add new networks to an existing set-up. CNAM can be installed in almost negligible time compared to the installation time for incorporating an IDS or IPS in an enterprise set-up.

Challenges: Managing security for the web infrastructure

  • Insight into the existing security landscape: the network security of an organization or business vertical is at least a two- or three-layered system comprising firewall, IPS, IDS, etc. With these systems, the most basic challenge is normalizing and analyzing the logs generated by the security devices.
  • Difficulties in managing a high rate of false positives: the hash value of a valid data packet sometimes matches one defined in an IPS/IDS signature. In such a scenario the IPS and IDS treat the incident as an attack and generate false positives. Managing and analyzing a high rate of false positives is the most cumbersome facet of managing network security.
  • The latest IPS/IDS signatures are insufficient: even with the most advanced network security firewalls, IPS and IDS, and with continuous threat definition and signature updates, organization networks are still penetrated and hacked.
  • Managing different sources of security feeds: with network security feeds from various sources across the globe being updated continuously, it is virtually impossible for the Security Operations of an organization to implement these feeds in their network on a regular basis.
  • Website defacement: a situation that can bring huge embarrassment to an organization and reduce its credibility. As per CERT-IN data, there were almost 1981 instances of website defacement in India in the period from Jan. 01 to Mar. 31, 2010.
  • Compliance standards monitoring: adhering to the guidelines, procedures and compliance standards after acquiring certifications such as PCI DSS, HIPAA, GLBA, ISO, etc., and monitoring breaches of them, is one of the most difficult activities.

Benefits of using CNAM

  • Monitoring the security landscape: CNAM eliminates the need for Security Operations to read through extensive logs and simplifies the reactive measures needed to troubleshoot security incidents.
  • Reduction of false positives: with a strong central repository and leveraging the capability of advanced correlation, CNAM is an advanced security management tool for reducing the false positives generated by network firewalls, IPS, IDS, etc.
  • Real-time detection of an active attack: with a global central repository that is active 24x7, CNAM is the only security management system that gives real-time information about active attacks happening on the network of an organization.
  • Real-time attack intelligence: the global central repository of CNAM enables real-time attack intelligence with the aid of security feeds that are sourced and updated on a continuous basis.
  • Detection of vulnerability exploration activities on the website: with the unique correlation feature that is an inherent property of CNAM, an organization's Security Operations is able to monitor and analyze vulnerability exploration activities by an intruder or a hacker, which equips the organization to take a proactive approach towards securing the network.
  • Real-time, business focused advisories on attacks happening across the globe: the central global repository studies and identifies security incidents globally across all business verticals and domains, and this helps CNAM to generate and provide advisories.
  • Business focused, customized correlation: with CNAM an organization can customize and consolidate all the information across all its business verticals and utilize it to its benefit.
  • Compliance monitoring and reporting: CNAM allows an organization to monitor, identify and alert on any breaches in adhering to the guidelines and procedures after compliance has been acquired.
  • Scalability and deployment time: CNAM can be deployed and scaled within a short span, thereby reducing the time to ROI (return on investment).
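The correlation described on this page (cross-correlating raw logs with pre-processed feed data to identify detected attackers, and spotting vulnerability exploration activity against a website) is illustrated below with an added Python example. This is not CNAM's own code or engine, and it makes no claim about how CNAM's correlation logic is implemented. The threat feed, the log lines, the two log formats (a key=value IDS alert line and Apache-style web access lines) and the probing threshold are all constructed for the example. It also shows the false-positive angle from the challenges list: a lone IDS alert from an address with no feed match and no corroborating web activity produces no finding, while an address that both appears in the feed and triggers the IDS, or that probes many non-existent paths, does.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed threat feed; stands in for an open-source indicator feed.
THREAT_FEED = {
    "203.0.113.0/24": "scanner-range",
    "198.51.100.23": "known-bruteforcer",
}
FEED_NETS = [(ip_network(k), v) for k, v in THREAT_FEED.items()]

# Constructed sample logs: key=value IDS alert lines and Apache-style access lines.
SAMPLE_LOGS = [
    'ids ts=2024-05-01T10:00:01Z sig="web-attack-signature" src=198.51.100.23 dst=10.0.0.5',
    '203.0.113.7 - - [01/May/2024:10:00:02 +0000] "GET /admin.php HTTP/1.1" 404 210',
    '203.0.113.7 - - [01/May/2024:10:00:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210',
    '203.0.113.7 - - [01/May/2024:10:00:04 +0000] "GET /.env HTTP/1.1" 404 210',
    '203.0.113.7 - - [01/May/2024:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 404 210',
    '192.0.2.10 - - [01/May/2024:10:00:06 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/May/2024:10:00:07 +0000] "GET /logo.png HTTP/1.1" 200 880',
    '198.51.100.23 - - [01/May/2024:10:00:08 +0000] "POST /login HTTP/1.1" 401 120',
    # Uncorroborated IDS alert from an address with no feed match: likely a false positive.
    'ids ts=2024-05-01T10:00:09Z sig="generic-signature" src=192.0.2.55 dst=10.0.0.5',
]

IDS_RE = re.compile(r'^ids .*?src=(?P<src>\S+)')
WEB_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def normalize(line):
    """Normalize one raw log line into a common event dict; None if it is not parseable."""
    m = IDS_RE.match(line)
    if m:
        return {"source": "ids", "src": m.group("src"), "status": None, "path": None}
    m = WEB_RE.match(line)
    if m:
        return {"source": "web", "src": m.group("src"),
                "status": int(m.group("status")), "path": m.group("path")}
    return None


def feed_match(src):
    """Return the feed label for an address (exact or CIDR match), or None."""
    ip = ip_address(src)
    for net, label in FEED_NETS:
        if ip in net:
            return label
    return None


def correlate(lines, probe_threshold=3):
    """Group normalized events by source address and return {src: [reasons]}.

    A source is reported only when at least one corroborating signal exists:
    a threat-feed match, an IDS alert backed by web activity from the same
    address, or repeated 404s that look like vulnerability exploration.
    """
    events = [e for e in (normalize(l) for l in lines) if e]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        reasons = []
        label = feed_match(src)
        if label:
            reasons.append(f"feed:{label}")
        has_ids = any(e["source"] == "ids" for e in evs)
        has_web = any(e["source"] == "web" for e in evs)
        if has_ids and has_web:
            reasons.append("ids+web")
        not_found = sum(1 for e in evs if e["status"] == 404)
        if not_found >= probe_threshold:
            reasons.append(f"probing:{not_found}x404")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in correlate(SAMPLE_LOGS).items():
        print(src, ", ".join(reasons))
```

Running it reports 203.0.113.7 (feed range match plus four 404 probes) and 198.51.100.23 (feed match plus an IDS alert corroborated by a web request), while the normal browsing from 192.0.2.10 and the lone generic alert from 192.0.2.55 are left out. In a real deployment the feed would be refreshed from its source, the thresholds tuned per site, and the normalizer extended with one parser per device type so the correlation step never has to know about vendor log formats.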
