Wednesday, August 5, 2015

Selecting security analytics software correctly, based on six criteria – SearchSecurity.de

Security analytics software examines log and event data from applications, endpoint controls and network defenses. This helps companies improve their overall IT security: they gain a better understanding of attack methods and of vulnerabilities in their systems, can ward off attacks before they take place, and can see which systems are affected during an attack.

The range of security analytics software is extensive, which can make the decision process confusing for companies. Products advertise different key functions, among them the scope of the analysis and the cost. Before you decide on a security analytics product, you first need to know your company's priorities.

Cost is, of course, an important point for any company. Other aspects differ from company to company. These include:

  • whether the security analytics software will run on virtual machines or on dedicated appliances
  • whether network traffic is expected to grow rapidly in the foreseeable future
  • potential weaknesses in compliance practices
  • the ability to carry out root-cause analysis and detailed forensic analysis should a data security breach occur

Once a company has rated its priorities for security analytics software, several criteria should be kept in mind during the evaluation. This article outlines the following functions so that you can classify the performance of various products:

  • deployment models
  • modularity
  • scope of the analysis (types of threats)
  • depth of the analysis (network layers)
  • support for forensics
  • monitoring, reporting and visualization

Note the relative importance of each function. If a company's security team feels overwhelmed by data, special attention must go to monitoring, reporting and visualization, and also to scalability. The selected system may need to process large amounts of data (scalability) and must be able to prepare it so that the key information reaches the security pros (monitoring, reporting and visualization). If a company already has adequate resources in place to address threats, it may put more emphasis on modularity, which reduces costs by avoiding redundant features within the security infrastructure.



1. Deployment of security analytics software

Security analytics tools are available as appliances or as virtual machines. It is also possible to install the software on dedicated servers.

Appliances combine hardware and software in a single product. System administrators can attach the unit to the network, perform the necessary configuration and immediately begin collecting data.

Appliances minimize the configuration effort for the buyer. Smaller companies or IT departments with limited resources will probably be very interested in an appliance. Vendors can also contribute case studies and best practices, so the system may go from unboxing to operation more quickly, with fewer support calls during installation.

A virtual-machine deployment allows customers to use existing capacity in a virtual environment. This can be a good option for small and medium businesses or for branch offices. If the data volume grows, system administrators can allocate additional CPU and RAM so that the greater load is handled. A virtual-machine deployment means more administrative overhead than an appliance; however, this should be weighed against the advantage of using existing hardware.

Installed software gives administrators the most flexibility in using security analytics tools. Applications can be installed on dedicated servers or in virtual-machine environments. Furthermore, you can use containers to standardize a configuration you might want to use in several branches. Containers offer some of the benefits of virtualized environments without requiring a hypervisor, which may reduce the overhead of managing the systems.



2. Modularity

Security analytics software may include a wide range of services, from analyzing low-level network traffic up to higher-level application protocols. Some companies may already have analysis tools tailored to special applications, such as e-mail.

In that case they do not need further e-mail features in a security analytics tool. Large security platforms often provide modular options for specific areas, for example web, e-mail and file-based threats. If companies can select only the functionality they need, this helps control costs. You should consider this in any evaluation.



3. Scope of the analysis (types of threats)

Threats are constantly evolving. Malware that set the bar a few years ago is now "commonplace", and many cybercriminals probably have access to the corresponding malicious code. Security analytics software must be able to analyze several types of harmful activity and, in addition, recognize patterns that emerge from their combined activities.

Malicious activity can be as banal as scanning for open ports on a firewall, or as sneaky as spear-phishing e-mails sent to senior management. Advanced Persistent Threats (APTs) use several techniques to obtain access to data, applications and network resources.

An APT may start with a download from a compromised site of software that allows control from outside. The attacker can then begin to explore the network, infect other vulnerable machines and collect information about users and applications.

The buyer should think about which data types the security analytics tools investigate. Can they detect anomalies in network traffic emanating from a client device, such as that device probing other devices and collecting information on the network topology? Can the software place related events in a relationship with each other?

What is meant is, for example, a visit to a potentially compromised site followed by strange patterns in the network communication. Can the security analytics software check the log files of applications and servers? The same applies to warnings that have been generated by other security devices.
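The correlation the article asks for, a visit to a flagged site followed by the same client probing several internal hosts, as an added example that is not part of the original article. The events, the flagged-site feed and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source, client, event_type, detail).
# Proxy events record the site a client visited; netflow events record the
# internal host:port the client then connected to.
SAMPLE_EVENTS = [
    ("2015-08-05 09:00:01", "proxy", "10.0.1.23", "web_visit", "updates.example-news.test"),
    ("2015-08-05 09:00:09", "proxy", "10.0.1.23", "web_visit", "cdn.compromised-site.test"),
    ("2015-08-05 09:02:10", "netflow", "10.0.1.23", "connect", "10.0.1.5:445"),
    ("2015-08-05 09:02:11", "netflow", "10.0.1.23", "connect", "10.0.1.6:445"),
    ("2015-08-05 09:02:12", "netflow", "10.0.1.23", "connect", "10.0.1.7:445"),
    ("2015-08-05 09:02:13", "netflow", "10.0.1.23", "connect", "10.0.1.8:445"),
    ("2015-08-05 09:02:14", "netflow", "10.0.1.23", "connect", "10.0.1.9:445"),
    ("2015-08-05 09:30:00", "netflow", "10.0.1.40", "connect", "10.0.1.5:445"),
]

# Hypothetical threat-intelligence feed: sites currently flagged as compromised.
FLAGGED_SITES = {"cdn.compromised-site.test"}


def correlate(events, flagged_sites, window=timedelta(minutes=10), min_new_hosts=3):
    """Return {client: [hosts]} for clients that visited a flagged site and then,
    within `window`, connected to at least `min_new_hosts` distinct internal hosts.
    Either event alone is unremarkable; the sequence is what raises the alert."""
    visits = defaultdict(list)    # client -> timestamps of flagged-site visits
    contacts = defaultdict(list)  # client -> (timestamp, internal host contacted)
    for ts, source, client, kind, detail in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if source == "proxy" and kind == "web_visit" and detail in flagged_sites:
            visits[client].append(when)
        elif source == "netflow" and kind == "connect":
            contacts[client].append((when, detail.split(":")[0]))

    alerts = {}
    for client, visit_times in visits.items():
        for visit in visit_times:
            hosts = {h for when, h in contacts[client] if visit <= when <= visit + window}
            if len(hosts) >= min_new_hosts:
                alerts[client] = sorted(hosts)
    return alerts
```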

Also note the need for timely security information. Some providers maintain global intelligence networks that constantly collect and analyze information on malicious activity. These serve as early warning systems and assist in detecting emerging threats.

Threat analysis is a challenge, and so-called false positives are likely. If a company has only limited capacity for security analysis, it should evaluate very carefully which options it can use effectively.

A topic related to the scope of the analysis is its depth.



4. Depth of the analysis (network layers)

The OSI model (Open Systems Interconnection) describes seven network layers, from the physical layer at the bottom through the data link layer up to the application layer. Security analytics tools that can collect data from the data link layer through the application layer have significant capability in terms of depth.

Analysis at the application level is very important in order to detect malicious activity that has slipped past the lower layers. For example, an injection attack from an unknown IP address could be blocked by servers that only allow connections from known devices. If the injection attack starts from a trusted but compromised device, however, the control at the underlying network layer would not block the attack. If a security analytics tool examines the protocols at the application level, it can recognize malicious communication between servers and trusted devices.
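The gap described above, shown in code as an added example that is not part of the original article: a network-layer allowlist admits everything from a trusted subnet, while application-layer inspection of the same requests flags the injection attempt coming from a trusted address. The requests, the trusted subnet and the pattern list are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample requests, as a simplified web-server access log would
# record them: (source IP, request path including query string).
SAMPLE_REQUESTS = [
    ("203.0.113.9", "/account?id=42"),
    ("203.0.113.9", "/account?id=42' OR '1'='1"),   # untrusted address, injection
    ("10.0.1.23", "/account?id=42"),
    ("10.0.1.23", "/account?id=42' OR '1'='1"),     # trusted address, injection
    ("10.0.1.23", "/search?q=select%20books"),       # benign, despite SQL keyword
]

# Hypothetical allowlist: the internal client subnet the servers already trust.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.1.0/24")]

# A few patterns characteristic of SQL injection attempts in a query string.
INJECTION_PATTERNS = re.compile(r"('\s*(or|and)\s*'|--|;\s*drop\s)", re.IGNORECASE)


def network_layer_check(src_ip):
    """Network-layer control: only the source address is inspected."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def application_layer_check(path):
    """Application-layer control: the decoded request content itself is inspected."""
    return INJECTION_PATTERNS.search(unquote(path)) is None


def classify(requests):
    """Record, per request, what each layer decides, so the gap becomes visible."""
    return [
        {"src": src_ip, "path": path,
         "passes_network_layer": network_layer_check(src_ip),
         "passes_application_layer": application_layer_check(path)}
        for src_ip, path in requests
    ]


def missed_by_network_layer(requests):
    """Requests the allowlist would admit but content inspection flags."""
    return [(r["src"], r["path"]) for r in classify(requests)
            if r["passes_network_layer"] and not r["passes_application_layer"]]
```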

5. Support for forensics

The aim of security analytics is to prevent break-ins. However, there will also be times when a company's infrastructure is already compromised. At that point it is important to execute an incident response plan, and this requires support for forensics.

This includes features such as identifying the devices that were involved or compromised. Replaying network traffic is also necessary in order to find out how cell phones and security measures were compromised. Furthermore, combining data from multiple sources is important, as is identifying the time of the attack.

Many of the tools and reporting techniques used in forensic analysis also prove useful for ongoing monitoring.

6. Monitoring, reporting and visualization

A major reason for using security analytics software is to have a single, central point of access to the security data in the enterprise. Merely collecting information is not enough. The data must be integrated and pulled together, events must be identified and assessed, the software must report suspicious events, and the monitoring tools should filter out extraneous events.

Analysts need aggregated data to understand network and device activity at a high level. Detailed information on suspicious events is important as well. Tools for monitoring, reporting and visualization within a security analytics platform fulfill these needs.

Security analytics software: what you should consider

When evaluating security analytics products, note six key factors: deployment models, modularity, scope of the analysis, depth of the analysis, support for forensics, and monitoring, reporting and visualization.

  • If a company is looking for basic security analytics tools with minimal overhead, it should consider appliances and evaluate them on reporting quality and reasonable cost.
  • If you mainly want to learn from break-ins, you should give priority to forensics capabilities.
  • If the security analytics system is an important part of daily business, it should in any event contain features for reporting and visualization.

Some functions will certainly benefit you more than others. It is therefore crucial to understand the relative importance of these features for your company, especially when costs play a major role.

Article was last updated in August 2015
