Downloaded 13 times
Uploaded byManageEngine, Zoho Corporation
Firewall log and network security management - Mumbai Seminar
This document discusses ManageEngine Firewall Analyzer, which provides log analysis and reporting for firewalls. It is available in two editions - Premium for up to 60 devices, and Distributed for large-scale networks. The Distributed Edition allows management of multiple customer firewalls from a centralized installation. Firewall Analyzer provides bandwidth and traffic analysis, security reports on attacks, viruses, and denied events, and device management features like change management and compliance reporting.
In this document
Powered by AI
Introduction to the Firewall Analyzer tool developed by ManageEngine.
Emphasizes the significance of firewall log analysis for monitoring security, traffic, and device configuration.
Introduces the two editions of Firewall Analyzer: Premium Edition and Distributed Edition, catering to different network scales.
Details the Distributed Edition aimed at Managed Security Service Providers (MSSP) and its centralized management features.
Discusses key components of the Firewall Analyzer, focusing on bandwidth, traffic, and security.
Explains how to analyze bandwidth usage and traffic through various reports, addressing critical bandwidth insights.
Highlights different security threats such as attacks, viruses, denied events, and spam monitored by the Analyzer.
Outlines the components of attack reports, listing top attackers, targets, protocols, and attack priorities.
Focuses on virus-related data, showcasing top hosts, affected hosts, and virus status.
Examines denied events, detailing hosts, destinations, protocols, and security events.
Describes device management aspects like change management, rule management, security audits, and compliance.
Present a detailed overview of change management including the types of changes and user information.
Discusses rule management strategies including policy overview and optimization.
Describes components of security audits, focusing on issue finding, impact, recommendations, and ratings.
Details functionalities available in admin reports, such as user logons and executed commands.
Lists compliance frameworks and standards relevant to firewall and security management.
Explains forensic analysis of logs to identify critical security activities.
Describes types of alerts available: normal, anomaly, and bandwidth alerts.
Outlines future roadmap including new rule impacts, policy management, and device auditing.
Discusses the support capabilities for over 50 vendors within the Firewall Analyzer.
Highlights the partnerships and testimonials regarding the Firewall Analyzer's capabilities.
Invites questions and concludes the presentation on Firewall Analyzer.
More Related Content
Similar to Firewall log and network security management - Mumbai Seminar
More from ManageEngine, Zoho Corporation
Firewall log and network security management - Mumbai Seminar
- 1.
- 2. • Firewall logcontains vital information that reveals powerful insights into the security issues. • Without a log analysis it is difficult to monitor traffic flow, security and device configuration. • Eventually resulting in security loopholes. Firewall Analyzer
- 3. FIREWALL ANALYZER ISAVAILABLE IN TWO EDITIONS > PREMIUM EDITION > DISTRIBUTED EDITION EDITIONS
- 4. PREMIUM DISTRIBUTED > SUPPORTSUPTO 60 DEVICES > FOR SMALL OR MEDIUM SCALE NETWORK EDITIONS > FOR LARGE SCALE NETWORK > DISTRIBUTED CENTRAL (ADMIN) COLLECTOR ARCHITECTURE
- 5. > Managed SecurityService Provider can manage multiple customer- site firewalls from a single, centralized Firewall Analyzer installation > Administrator can define the scope of other users > It helps you to collect, analyze, archive, and generate report for your customer firewalls DISTRIBUTED EDITION FOR MSSP
- 6.
- 7. > BANDWIDTH ANDTRAFFIC > SECURITY > DEVICE MANAGEMENT FIREWALL ANALYZER
- 8.
- 9. > Which useris using the bandwidth? > Which host consumes the bandwidth? > What is the bandwidth share of various protocols? > When the bandwidth is bursting at the seams? Network Bandwidth reports answers to a lot of bandwidth related questions.
- 10. > TRAFFIC REPORT >PROTOCOL USAGE REPORT > WEB USAGE REPORT > MAIL USAGE REPORT > VPN REPORT > URL REPORT FIREWALL REPORTS
- 11.
- 12.
- 13. > TOP ATTACKERS >TOP TARGETS > TOP PROTOCOLS USED BY ATTACKERS > TOP ATTACKS WITH PRIORITY > TOP ATTACKERS BY UNIQUE TARGET ATTACK REPORT
- 15. > TOP VIRUSSENDING HOSTS > TOP VIRUS AFFECTED HOSTS > TOP PROTOCOLS USED BY VIRUSES > TOP VIRUSES BY PRIORITY > TOP VIRUS STATUS VIRUS REPORTS
- 17. > TOP DENIEDHOSTS > TOP DENIED DESTINATIONS > TOP DENIED PROTOCOLS > TOP SECURITY EVENTS > TOP BLOCKED URL'S DENIED EVENTS
- 19.
- 20. > CHANGE MANAGEMENT >RULE MANAGEMENT > SECURITY AUDIT > ADMIN REPORTS > COMPLIANCE STANDARDS DEVICE MANAGEMENT
- 21. > Date wisenumber of changes are displayed in Bar chart graph > User who changed > Total number of changes > Type of change details are listed > The changes in configurations like Modified, Added and Deleted are highlighted CHANGE MANAGEMENT
- 24. > Policy OverviewReports > Policy Optimization > Rule Reorder RULE MANAGEMENT
- 27. > Issue Finding >Issue Impact > Issue Ease > Issue Recommendation > Issue Overall Rating SECURITY AUDIT
- 29. > Successful UserLogon > Successful User Logoff > Denied User Logons > Commands Executed ADMIN REPORT
- 30. > PCI-DSS > ISO27002 (2013) > NERC-CIP > NIST > SANS COMPLIANCE REPORT
- 32. • Search theraw logs of Firewall to pinpoint the exact log entry which caused the security activity. Forensic Analysis
- 33. There are threetypes of alert profiles: • Normal alert • Anomaly alert • Bandwidth alert Alert Profiles
- 34. > Impact analysisfor adding a new Rule/Policy > Rule/Policy Risk Analysis > Rule/Policy tracking and expiry notification > Pre-defined alerts for network security events & anomalies > Device Policy Management using CLI and vendor APIs > SNMP based device health monitoring reports > Device Audit report for Login/Logout and duration ROAD MAP
- 35. Support for morethan 50 vendors
- 36. Firewall Analyzer isa technology partner with : Technology partnerships What our partner has to say about us: "This integration offers administrators an incredible amount of visibility into firewall systems. Application control goes deeper with detailed usage reports, while change management, security reporting, event trends, and a detailed compliance report for firewall configuration creates an immediate ROI for customers to present back to their stakeholders." — Ben Oster, WatchGuard
- 38.