Read article - Devoteam Genesis by xiaoyounan


 DEVOTEAM GENESIS PRESS

 INTERNAL AND EXTERNAL IT SECURITY

 Ostermundigen +41 31 560 35 35
 Zurich        +41 44 455 60 81
 Carouge       +41 22 732 16 27
 Support       +41 31 560 35 40

 Efficient log management and network behaviour analysis

 How dangerous are «insiders» in reality for your sensitive data, and what is the best
 way to expose data misuse or data theft? How can I collect and evaluate the large
 amount of log data? How can you optimise security monitoring and network analysis
 without great expenditure?

 The security expert «in the box»

 Organisations whose networks and critical data are increasingly at risk usually have
 only limited possibilities and knowledge in this area. With ArcSight Express there is
 now a simple, automated and cost-efficient solution available for smaller and
 medium-sized environments too. This solution analyses logs of all devices and systems,
 determining whether potentially hazardous incidents will occur and informing
 administrators on time so they can take corresponding action.

 Highlights:
 • Comprehensive monitoring of the security of devices, networks and servers
 • Automation of security operations
 • Appliance solution which is easy to prepare and manage

 ArcSight Logger supports different activities which can be optimised both for small
 companies and also for large, heterogeneous and widely distributed environments.

 Simplified collection, storage and analysis of log data

 ArcSight Logger is an appliance which is immediately ready for use for collecting,
 efficiently storing and performing powerful searches and reporting for all log data
 of a company. It has a high-performance reporting and alert engine and can work both
 as a standalone appliance and as a powerful addition for the use of ArcSight ESM and
 the broader ArcSight platform.




 Highlights:
 • Comprehensive log compilation and log repository in audit quality
 • Powerful analysis and collection of raw log data and optimised standard
   collection for more than 275 different sources
 • Secure collection and storage, integrity checks, granular access rights and
   automated storage guidelines
 • Comprehensive reporting and real-time alert engine with pre-installed regulatory
   content

 CONNECTING BUSINESS & TECHNOLOGY

 Devoteam Genesis AG − Bernstrasse 34 − CH-3072 Ostermundigen − Switzerland
 Phone +41 31 560 35 35 − Fax +41 31 560 35 45 − info@devoteam.ch − www.devoteam.ch

 Devoteam Genesis AG − Binzstrasse 18 − CH-8045 Zürich − Switzerland
 Phone +41 44 455 60 81 − Fax +41 44 455 60 85 − info@devoteam.ch − www.devoteam.ch

 Devoteam Genesis SA − avenue Industrielle, 4-6 − CH-1227 Carouge − Switzerland
 Phone +41 22 732 16 27 − Fax +41 22 732 16 28 − info@devoteam.ch − www.devoteam.ch

 Internal IT security using network behaviour analysis (NBA)

 NBA is a new and modern concept to meet the changing security requirements
 of company networks. NBA can detect both known attacks and also new threats
 from inside and outside, can establish future sources of danger and, if
 necessary, can react directly on behalf of the company.

 StealthWatch Architecture

 The strength of NBA here is in detecting attacks by classifying them as abnormal
 network behaviour. StealthWatch, the NBA solution from the company Lancope, uses a
 previous learning period as a basis for «knowing» the «normal» traffic and can use
 policies to decide what will happen with «abnormal» traffic. This enables it to
 immediately take (automatic) countermeasures if there are irregularities in the data
 traffic of the entire network. This means secure protection even against the latest
 viruses, worms and Trojans, including when these make their way into the network
 from internal sources.

 For the first time it is also possible to protect each individual port from internal
 misuse: if misuse is detected, the port is blocked or limited, and any volume of data
 differing from the norm is prevented. The major advantage is that already available
 data (NetFlow™, sFlow, cFlow) of the existing IT environment is used and NO additional
 agents or probes are necessary. This is beneficial in terms of costs and also makes
 implementation much easier!

 What are the advantages compared with conventional solutions?

 Unlike conventional solutions, NBA learns independently and immediately detects forms
 and methods of attack, including those which are unknown so far. The StealthWatch
 system therefore does not need external attack and signature information. NBA
 automatically monitors the entire network traffic. Thanks to the central use of the
 system and collection of data using available network components, it is not necessary
 to have a security solution at all the connection points which are potentially at
 risk. This means costs are much lower for network security with increased security at
 the same time.

 What requirements must be met for implementation?

 Nearly all modern enterprise networks fulfil the requirements for use of NBA. The
 existing data of the network components can be used to represent the network traffic
 entirely. No special know-how is necessary for working with the system. The system
 works independently after implementation.

 Devoteam Genesis AG is a Swiss stock corporation and part of the French Devoteam
 Group with more than 4600 employees in over 24 countries. As a certified ArcSight
 and Lancope partner we provide total IT security management solutions.


