
Detecting attacks and immediate response
Attempts at unauthorized access and attacks on information system resources can come both from external networks and from inside the corporate system. Special technical facilities are used to detect violations of resource protection in real time and to respond to them promptly. An optimal solution is an integrated system that detects attacks on several levels.
The first level is based on intercepting and analyzing network traffic in real time to automatically detect violations originating from external networks or from segments of the same network, and to respond to them promptly. It can be used to monitor network traffic on the firewall or router, as well as in the demilitarized zone or any segment of the network. For this, special detectors are installed at the entry point to the network or network segment being protected.
This level detects different kinds of network attacks that exploit vulnerabilities in protection systems for system and application software, web and e-mail servers, firewalls and routers; monitors the sessions of the network services in use; and detects DoS attacks, port scanning and improper use of standard commands of application-level protocols. The following response actions can be used: logging and monitoring of unauthorized access (UA), session termination, and notification of UA attempts (by e-mail, to a pager and a control console, and by SNMP).
The second level detects attacks on specific information system (IS) resources located on servers and user workstations. It is based on analyzing the audit logs of the OS and applications. For this, software agents are installed on the respective network components.
This protection level provides real-time monitoring of all workstations and IS servers, and automatic detection of attacks and unauthorized activities by internal and external users and/or processes. The counteractions can be notification of the security administrator, termination of a user’s work session, process termination and event logging in a database for subsequent analysis.
The centralized system for monitoring all attack detection components manages the IS security policy, creates rules for detecting unauthorized access attempts or suspicious actions, reviews attack information and generates different reports.
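The second-level approach described above (an agent analyzing audit logs and choosing a counteraction) can be sketched as follows. This is an added example, not code from the original page or from any product it describes; the sshd-style log format, the threshold rule, the action names and the SQLite event store are assumptions made for illustration.

```python
import re
import sqlite3
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit-log lines (sshd-style format assumed), not real data.
SAMPLE_LOG = """\
2024-05-01T10:00:01 srv1 sshd[811]: Failed password for admin from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:05 srv1 sshd[811]: Failed password for admin from 203.0.113.7 port 40114 ssh2
2024-05-01T10:00:09 srv1 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
2024-05-01T10:00:20 srv1 sshd[811]: Accepted password for admin from 203.0.113.7 port 40131 ssh2
2024-05-01T10:01:00 srv1 sshd[811]: Failed password for bob from 198.51.100.4 port 51000 ssh2
2024-05-01T10:01:10 srv1 sshd[811]: Failed password for bob from 198.51.100.4 port 51002 ssh2
2024-05-01T10:05:00 srv1 sshd[811]: Failed password for bob from 198.51.100.4 port 51010 ssh2
2024-05-01T10:05:30 srv1 sshd[811]: Accepted password for bob from 198.51.100.4 port 51012 ssh2
2024-05-01T10:06:00 srv1 cron[900]: job started
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
THRESHOLD = 3                    # assumed rule: this many failures per source ...
WINDOW = timedelta(seconds=60)   # ... inside this sliding window

def analyze(log_text, db):
    """Store every authentication event in db; return (action, source, user) alerts."""
    db.execute("CREATE TABLE IF NOT EXISTS events(ts, host, user, src, result)")
    failures = defaultdict(deque)   # source address -> recent failure timestamps
    flagged = set()                 # sources that already crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # not an authentication event
        ts = datetime.fromisoformat(m["ts"])
        db.execute("INSERT INTO events VALUES (?,?,?,?,?)",
                   (m["ts"], m["host"], m["user"], m["src"], m["result"]))
        recent = failures[m["src"]]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()        # expire failures that fell out of the window
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) >= THRESHOLD and m["src"] not in flagged:
                flagged.add(m["src"])
                alerts.append(("notify_admin", m["src"], m["user"]))
        elif m["src"] in flagged:
            # Successful login from a source flagged earlier: end that session.
            alerts.append(("terminate_session", m["src"], m["user"]))
    db.commit()
    return alerts
```

Calling `analyze(SAMPLE_LOG, sqlite3.connect(":memory:"))` flags only the first source: the second source's failures are spread over more than the window, so its later successful login raises no alert.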

