A chain is only as strong as its weakest link. What matters most is not the number of security holes plugged, but the one significant crack through which the whole network is breached. The number of events to be monitored depends on how effective your NBA system is, and also on the intensity of threats posed by your network. Monitoring all the events can become quite tedious, more so with the inclusion of false positives. But with such high stakes, every single alert raised needs to be monitored. There are, of course, ways to reduce the false negatives and make the reports easy to understand. Other than reducing the false positives, classifying and organizing the events / problems makes the job easier for you.
The ‘Event List’ in ASAM lists, classifies and organizes all the events that might become attacks. ASAM also assigns a severity to each event, which allows you to prioritize your actions. The event list shows the following details related to a particular event
ASAM also gives a user-friendly advanced filter option that helps you fine-tune your report. This filter narrows down the security snapshot report based on the criteria you provide. The available criteria are Class-problem, target entity / host, offender entity / host, router / interface name, severity and status.
No one knows your network better than you. You might be running an in-house application from a server, which an NBA system might think of as a suspicious flow. In a case like that, ASAM gives you many ways to disable, ignore or discard such false positives.
ASAM, offered as a simple add-on module of NetFlow Analyzer, leverages the underlying platform's agentless centralized data collection and forensic analysis capabilities to offer greater value. NetFlow Analyzer is a robust, scalable and proven platform offering bandwidth monitoring and unified traffic analytics.