IT infrastructure is the nervous system of most enterprises. With the emergence of social networking, video streaming, peer-to-peer technology, cloud computing and SaaS, it's safe to say that modern enterprises are only as good as their IT operations processes, especially in terms of the bandwidth and security they provide. Whether it is banks securing their data against theft or business organizations securing their IT infrastructure against security threats and attacks, the threat of being breached, compromised and damaged by an unknown zero-day intruder is always relevant. Moreover, the continuous evolution of intrusion techniques has made the task of ensuring network security increasingly difficult even as it becomes all the more critical.
Security systems are predominantly classified into three types: (i) Firewall Systems, (ii) Intrusion Detection/Prevention (IDS/IPS) Systems and (iii) Network Behavior Analysis (NBA) Systems, also known as Network Behavior Anomaly Detection (NBAD) Systems. While all three have their own unique strengths and weaknesses, they complement each other to form a holistic network security strategy. However, while the first two are widely prevalent and perceived as essential components, the third is not. This leaves networks vulnerable to several zero-day attacks, unknown worms, internal threats, etc., and leaves them lagging in overall traffic visibility, access policy decisions, security posture assessment and a reasonably sure confirmation of network security.
Bandwidth monitoring and traffic analysis on the one hand, and network security analytics and behavior anomaly detection on the other, are interdependent and complementary by nature. ManageEngine OpManager Plus, coupled with ASAM, unifies these complementary solutions to provide a holistic and reliable decision support system in a single user-friendly interface. While OpManager Plus gives you in-depth visibility into your IT infrastructure traffic and bandwidth utilization, ASAM offers continuous security monitoring and anomaly detection capabilities.
Unified Traffic Analytics:
The Advanced Security Analytics Module (ASAM) is a network-flow-based security analytics and anomaly detection tool that helps detect zero-day network intrusions, using the state-of-the-art Continuous Stream Mining Engine™ technology, and classifies the intrusions to tackle network security threats in real time. ASAM offers actionable intelligence to detect a broad spectrum of external and internal security threats, as well as continuous overall assessment of network security (Network Security screenshots).
ASAM Technological Significance:
The Security Snapshot of ASAM displays a list of grouped threats/anomalies as problems, and the problems are further categorized into three major problem classes (Bad Src-Dst, DDoS, Suspect Flows). The set of classes used for classifying problems, with a brief description of each, is given here (Problem Taxonomy). The pie charts and line graphs help the user grasp the overall network "security posture" at a glance. On further drill-down, it displays a list of the individual events/anomalies of a specific problem, with detailed information collated for closer investigation by the operator.
ASAM, offered as a simple add-on module of OpManager Plus, leverages the underlying platform's agentless centralized data collection and forensic analysis capabilities to offer greater value. OpManager Plus is a robust, scalable and proven platform offering bandwidth monitoring and unified traffic analytics.