2. About ManageEngine
Product areas: IT Security Management, Network Performance Management, Server Performance Management, Application Performance Management, Desktop Management, Active Directory Management, IT Helpdesk
• Owned by Zoho Corporation
• 90,000+ customers worldwide
• 25+ IT management products
3. What is IT Security?
• Deploying firewall & IDS
• Adhering to compliance
• Or more?
4. Various types of attack
• DDoS
• DoS
• Password cracking
• IP spoofing
• Sniffers
• Privilege misuse
• Man-in-the-middle attacks
5. Why do security threats happen in spite of deploying a firewall & IDS?
6. Firewall & IDS provide basic security
What they miss are advanced attacks such as DDoS and zero-day intrusions (a signature-based IDS can only match what it already has a signature for).
Network Security System | Input data              | Methodology
Firewall                | Packet header           | • Access policy enforcement
                        |                         | • Simple interaction patterns
IDS                     | Packet header & payload | • Detailed signature matching
                        |                         | • Simple interaction patterns
7. Large enterprises & data centers
need EXTRA SECURITY to
prevent advanced attacks
8. Hackers exploit vulnerable networks
• BYOD & cloud computing make
networks MORE VULNERABLE
• PC world: 70% of attacks happen
due to internal vulnerabilities
9. DDoS – Distributed Denial of Service
• Flooding junk traffic
• Coordinated stream of requests
• Slows down network or app
10. DDoS – Distributed Denial of Service
• 77% targeted bandwidth & routing infrastructure
• 23% were application attacks
11. Misuse of privileges
• Accessing critical resources
• Should be identified in real-time
12. Practically impossible to identify such attacks with a manual process
• Attacks usually follow patterns
• Starts as a breach/intrusion
• Develops into an attack
• The breach/intrusion should be found in real time
15. Advanced security protection
Network Security System | Input data                       | Methodology
Firewall                | Packet header                    | • Access policy enforcement
                        |                                  | • Simple interaction patterns
IDS                     | Packet header & payload          | • Detailed signature matching
                        |                                  | • Simple interaction patterns
Log Monitoring          | System and application log files | • Actions done on the device, file, and application
Flow Monitoring         | Flow from network devices        | • Advanced interaction patterns & sessionization
                        |                                  | • Statistical analysis
                        |                                  | • Access & traffic policy monitoring
16. Automated tools come in handy
• Analyze flows from a security perspective
• Monitor logs for suspicious activities
17. Monitoring flows provides
visibility into the network
• Flows provide information on
traffic
• Easy to identify unnecessary or
suspicious traffic
18. Monitoring packet flows
• Analyze the flow records exported by routers and switches
• Identify unknown (anonymous) source IPs sending requests
• Identify scans/probes, DDoS and bad sources
• Change the network configuration to block that traffic
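The four steps above, carried through as an added example (it is not code from the original deck or from any ManageEngine product): a small flow analyzer that reads NetFlow/IPFIX-style records, flags a port scan (one source touching many ports on one host with single-packet flows), a SYN flood (many sources hitting one host:port with single-packet flows) and sources on a reputation blocklist, and then emits iptables rules for the "change network configuration" step. The flow records, the internal range 10.0.0.0/8, the blocklist and the thresholds are all constructed assumptions for the example; real thresholds come from the site's traffic baseline.

```python
"""Flow-record analysis: spot port scans, floods and blocklisted sources, then emit block rules."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean


@dataclass(frozen=True)
class Flow:
    """One exported flow record: NetFlow/IPFIX-style 5-tuple fields plus counters."""
    src: str
    dst: str
    dport: int
    proto: str
    packets: int
    octets: int


# Assumptions for the example: 10.0.0.0/8 is the monitored internal range, and the
# blocklist is a hypothetical stand-in for a reputation feed.
INTERNAL = ip_network("10.0.0.0/8")
BLOCKLIST = (ip_network("198.51.100.0/24"),)

# Detection thresholds (assumed); tune them to the site's baseline.
SCAN_PORTS = 20      # distinct destination ports one source touches on one host
FLOOD_SOURCES = 50   # distinct sources hitting one host:port
PROBE_PACKETS = 2    # flows at or below this size are probes/SYNs, not real sessions


def build_sample_flows() -> list[Flow]:
    """Constructed flow export (not a real capture): normal traffic plus three attack patterns."""
    flows = []
    for src in ("10.0.0.5", "10.0.0.6"):                        # ordinary HTTPS sessions
        flows.append(Flow(src, "10.0.1.20", 443, "tcp", 48, 61_000))
    for port in range(1, 41):                                    # port scan: 40 ports, 1 packet each
        flows.append(Flow("203.0.113.9", "10.0.1.20", port, "tcp", 1, 44))
    for i in range(60):                                          # SYN flood: 60 sources -> :80
        flows.append(Flow(f"203.0.113.{100 + i}", "10.0.1.20", 80, "tcp", 1, 44))
    flows.append(Flow("198.51.100.7", "10.0.1.20", 22, "tcp", 12, 2_300))  # blocklisted source
    return flows


def analyze(flows):
    """Sessionize the records per (src, dst) and per target, then apply statistical thresholds."""
    ports_by_pair = defaultdict(set)      # (src, dst) -> distinct destination ports
    pkts_by_pair = defaultdict(list)      # (src, dst) -> packets per flow
    srcs_by_target = defaultdict(set)     # (dst, dport, proto) -> distinct sources
    pkts_by_target = defaultdict(list)    # (dst, dport, proto) -> packets per flow
    bad_sources = set()
    for f in flows:
        ports_by_pair[(f.src, f.dst)].add(f.dport)
        pkts_by_pair[(f.src, f.dst)].append(f.packets)
        srcs_by_target[(f.dst, f.dport, f.proto)].add(f.src)
        pkts_by_target[(f.dst, f.dport, f.proto)].append(f.packets)
        src = ip_address(f.src)
        if src not in INTERNAL and any(src in net for net in BLOCKLIST):
            bad_sources.add(f.src)
    scans = [
        {"src": src, "dst": dst, "ports": len(ports)}
        for (src, dst), ports in ports_by_pair.items()
        if len(ports) >= SCAN_PORTS and mean(pkts_by_pair[(src, dst)]) <= PROBE_PACKETS
    ]
    floods = [
        {"target": target, "sources": sorted(srcs, key=ip_address)}
        for target, srcs in srcs_by_target.items()
        if len(srcs) >= FLOOD_SOURCES and mean(pkts_by_target[target]) <= PROBE_PACKETS
    ]
    return {"scans": scans, "floods": floods, "bad_sources": sorted(bad_sources, key=ip_address)}


def block_rules(findings):
    """Turn findings into iptables DROP rules (the 'change network configuration' step).
    Flood sources are included to show the mechanism; in practice a flood is rate-limited
    or scrubbed upstream rather than blocked one address at a time."""
    sources = set(findings["bad_sources"]) | {s["src"] for s in findings["scans"]}
    for flood in findings["floods"]:
        sources.update(flood["sources"])
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in sorted(sources, key=ip_address)]


if __name__ == "__main__":
    found = analyze(build_sample_flows())
    print("scans:", found["scans"])
    print("floods:", [(f["target"], len(f["sources"])) for f in found["floods"]])
    print("bad sources:", found["bad_sources"])
    print("\n".join(block_rules(found)[:3]), "...")
```

The two statistics that do the work are the distinct-port count per (src, dst) pair and the distinct-source count per target, each gated on a tiny mean packets-per-flow so that a busy but legitimate server is not mistaken for a flood target.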
19. Logs help find suspicious behavior
• Logs record all activities done on devices (servers)
• Patterns can be identified from logs
• Action can be taken
20. System & Application Log Monitoring
• All applications & systems generate logs
• Monitor such logs for suspicious messages, error codes, etc.
21. Instant alerting
• Advanced tools check for known patterns out of the box
• Raise an alert instantly
• Customizable to each business's needs
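Slides 11, 12 and 19 to 21 together describe one pipeline: read device logs, match patterns, watch an intrusion develop into an attack, and alert in real time with thresholds the business can tune. The following added example (my own illustration, not code from the deck or from any ManageEngine product) implements that pipeline as a streaming monitor over sshd and sudo syslog lines. It fires a brute-force alert when one source reaches N failed logins inside a window, escalates when that same source is later accepted (the breach-becoming-attack pattern from slide 12), and flags sudo use by anyone outside an allowed set (the privilege misuse of slide 11). The log lines, the thresholds and the allowed-user list are constructed assumptions.

```python
"""Pattern-based log monitoring with threshold alerting over constructed syslog lines."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample (not a real log). Day 10 is used throughout so relative windows work.
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51012 ssh2
Mar 10 08:00:03 bastion sshd[2103]: Failed password for invalid user admin from 203.0.113.9 port 51013 ssh2
Mar 10 08:00:05 bastion sshd[2105]: Failed password for root from 203.0.113.9 port 51014 ssh2
Mar 10 08:00:07 bastion sshd[2107]: Failed password for root from 203.0.113.9 port 51015 ssh2
Mar 10 08:00:09 bastion sshd[2109]: Failed password for deploy from 203.0.113.9 port 51016 ssh2
Mar 10 08:00:11 bastion sshd[2111]: Failed password for deploy from 203.0.113.9 port 51017 ssh2
Mar 10 08:00:15 bastion sshd[2120]: Failed password for alice from 10.0.0.5 port 40022 ssh2
Mar 10 08:00:18 bastion sshd[2122]: Accepted password for alice from 10.0.0.5 port 40023 ssh2
Mar 10 08:00:20 bastion sshd[2125]: Accepted password for deploy from 203.0.113.9 port 51018 ssh2
Mar 10 08:01:02 bastion sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 10 08:01:30 bastion sudo:   deploy : TTY=pts/1 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
"""

# Classic BSD syslog line: timestamp, host, program[pid]: message.
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
SSH_OK = re.compile(r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
SUDO = re.compile(r"(?P<user>\S+) : TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)")


@dataclass
class Alert:
    rule: str
    subject: str
    when: datetime
    detail: str


@dataclass
class Monitor:
    """Streaming monitor: feed() returns the alerts raised by that one line, so alerting is immediate.
    The three tunables are the 'customizable to business needs' knobs (values assumed)."""
    fail_threshold: int = 5
    fail_window: timedelta = timedelta(seconds=60)
    sudo_allowed: frozenset = frozenset({"alice"})
    _fails: dict = field(default_factory=lambda: defaultdict(deque))   # ip -> recent failure times
    _suspect_ips: set = field(default_factory=set)                    # ips that tripped brute force

    def feed(self, line: str) -> list[Alert]:
        alerts: list[Alert] = []
        m = SYSLOG.match(line)
        if not m:
            return alerts
        # Syslog carries no year; strptime fills in 1900, which is fine for relative windows.
        when = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        msg = m["msg"]
        if (f := SSH_FAIL.search(msg)):
            q = self._fails[f["ip"]]
            q.append(when)
            while q and when - q[0] > self.fail_window:      # slide the window
                q.popleft()
            if len(q) == self.fail_threshold:                 # fire once, when the threshold is first hit
                self._suspect_ips.add(f["ip"])
                alerts.append(Alert("ssh_brute_force", f["ip"], when,
                                    f"{len(q)} failures within {self.fail_window.seconds}s"))
        elif (a := SSH_OK.search(msg)):
            if a["ip"] in self._suspect_ips:                  # the intrusion has become a breach
                alerts.append(Alert("login_after_brute_force", a["ip"], when,
                                    f"user {a['user']} accepted after failure burst"))
        elif m["prog"] == "sudo" and (s := SUDO.search(msg)):
            if s["user"] not in self.sudo_allowed:
                alerts.append(Alert("privilege_misuse", s["user"], when,
                                    f"sudo as {s['target']}: {s['cmd']}"))
        return alerts

    def run(self, text: str) -> list[Alert]:
        return [al for line in text.splitlines() if line.strip() for al in self.feed(line)]


if __name__ == "__main__":
    for alert in Monitor().run(SAMPLE_LOG):
        print(f"{alert.when:%H:%M:%S} {alert.rule:<24} {alert.subject:<14} {alert.detail}")
```

Running it on the sample yields three alerts in order: the brute-force alert at the fifth failure from 203.0.113.9, the escalation when that address is later accepted as `deploy`, and the privilege-misuse alert for `deploy` reading /etc/shadow via sudo. Raising `fail_threshold` above the number of failures in the sample suppresses the first alert and, because no source is then marked suspect, the escalation as well; only the sudo alert remains.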