Information Security Monitoring
Security Monitoring
There are currently only a few tools that monitor information security events across the board: not only firewalls and intrusion detection systems (network-based and host-based), but also logs and alerts / error messages from routers, switches, anti-virus and content scanning applications, backup applications, PBX, critical *nix and other servers, etc.
In some cases, security management teams must also handle security events from physical security devices such as card readers, motion detectors and cameras, the security alarm of secure doors and gates, fire alarm and sensors for climate control.
Most big vendors of security equipment have their own specific event monitoring system. The vendor A tool can only be used for logs or events generated by products from vendor A, while the vendor B tool can only be used to consolidate information coming from products from vendor B. Even with these tools, an administrator usually has little time available to monitor security throughout the entire company.
Besides the lack of time and, in many cases, the lack of vendor-independent tools, a further reason why enterprise security monitoring is not an easy task is “false positives”. A false positive is an event that triggers a security alert even though the event is not security related or relevant. Lacking a good "vision" on a host or network, a "loosely" configured host-based or network-based intrusion detection system can generate a high number of false positives. The problem is that many administrators do not have enough time or monitoring knowledge to investigate the large number of events generated by such a "loosely" configured intrusion detection system. And host-based and network-based intrusion detection systems are only two types of systems that can generate false positives. They can also be created by many other systems.
Monitoring the safety of a business begins with a complete and correctly integrated implementation of the monitoring system.
Event Correlation
The next step in information security monitoring is capturing the knowledge and analytical capabilities of security experts and applying them in an integrated security-monitoring platform. Super-Visions offers an integrated platform that shows the relationships (correlation) between events from the logs and alerts / error messages of various security technologies, right up to information access logging.
There is currently a major problem with intelligent event correlation across the information security industry. There is no standard for logging security related information or alerts / failure notifications. Each vendor uses their own logging or alerting methodology on security related events.
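The following is an added example, not Super-Visions code: it normalizes two differently formatted vendor logs into one event schema and then correlates them, so that an IDS alert is only rated high when a firewall deny for the same source and destination corroborates it. Both log formats, the sample lines and the five-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in two made-up vendor formats (not real product output).
FIREWALL_LOG = [
    "2024-05-01T10:00:05 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:03:00 action=allow src=198.51.100.9 dst=10.0.0.8 dport=443",
]
IDS_LOG = [
    "01/05/2024 10:01:10|ALERT|SSH brute force|203.0.113.7|10.0.0.5",
    "01/05/2024 10:02:00|ALERT|Suspicious user-agent|192.0.2.44|10.0.0.8",
]

def parse_firewall(line):
    """Vendor A style: ISO timestamp followed by key=value pairs."""
    ts, rest = line.split(" ", 1)
    kv = dict(re.findall(r"(\w+)=(\S+)", rest))
    return {"time": datetime.fromisoformat(ts), "source": "firewall",
            "src_ip": kv["src"], "dst_ip": kv["dst"], "event": kv["action"]}

def parse_ids(line):
    """Vendor B style: pipe-separated fields with a day-first timestamp."""
    ts, _level, name, src, dst = line.split("|")
    return {"time": datetime.strptime(ts, "%d/%m/%Y %H:%M:%S"), "source": "ids",
            "src_ip": src, "dst_ip": dst, "event": name}

def correlate(events, window=timedelta(minutes=5)):
    """Rate each IDS alert 'high' if the firewall denied the same
    src/dst pair within the window, otherwise 'low' (triage later)."""
    denies = [e for e in events if e["source"] == "firewall" and e["event"] == "deny"]
    results = []
    for alert in (e for e in events if e["source"] == "ids"):
        corroborated = any(
            d["src_ip"] == alert["src_ip"] and d["dst_ip"] == alert["dst_ip"]
            and abs(d["time"] - alert["time"]) <= window
            for d in denies)
        results.append((alert["src_ip"], alert["event"],
                        "high" if corroborated else "low"))
    return results

def run_sample():
    events = [parse_firewall(l) for l in FIREWALL_LOG] + [parse_ids(l) for l in IDS_LOG]
    return correlate(sorted(events, key=lambda e: e["time"]))

if __name__ == "__main__":
    for src, name, priority in run_sample():
        print(f"{priority:4} {src:15} {name}")
```

The uncorroborated alert is kept at low priority rather than dropped, so it can still be reviewed when time allows.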
Super-Visions can help your organization capture data from such heterogeneous systems and, with expert advice and a tailored service, bring the alarms into an integrated visualization and alerting platform.
Real Information Security Monitoring
Today, information security monitoring is no longer limited to security perimeter monitoring. Super-Visions is a leader in firewall and network security monitoring. In addition, Super-Visions goes several steps further with extended information security packages:
- Network Protection
Designed to protect your communication infrastructure against malware like viruses, spyware, worms and trojans. Through its proactive detection of new and unknown malware, it allows organizations to continue high-performance network operations with complete transparency, without having to worry about potential malicious infections that are not captured by the anti-virus or anti-malware applications in place. Traditional security gateways use proxy solutions, and these solutions have several drawbacks. The most important consequence is the latency in data traffic created by the proxy itself. A proxy holds back the entire stream of files, something Super-Visions avoids by being transparent to the traffic. Super-Visions lets the data pass through, only holding back the packets needed to perform a malware scan.
When Super-Visions detects a malicious file in transfer on your network, it actively terminates the file transfer, blocks the specific network path to prevent other users or systems from accessing the same file, and raises an alarm directly in the central monitoring console, giving the correct alarm to the correct team or person. Since the solution is independent of network topology and other networking units, it provides value from the second it is installed in the network. The ease of deployment and use grants value at once. Super-Visions monitors viruses, worms, trojans, spyware and other malware, and includes a powerful management and reporting tool to provide efficient status and reports on the malware situation in the network.
- Device Control
Enforce USB security policies for removable media devices, data encryption and port protection. To enhance productivity, organizations need to allow employees and partners access to data, and more employees are working remotely, thus requiring access from outside the network. But the potential impact of data loss is a very real concern, be it accidental or malicious. And today, removable devices (such as USB flash drives) and media (such as CDs/DVDs) are the most common data leakage routes: no file copy limits, no encryption, no audit trails and no central management.
The problem of data leakage due to the accidental or sometimes malicious use of removable devices and/or removable media has reached alarming levels. In fact, over 85% of privacy and security professionals reported at least one breach and almost 64% reported multiple breaches that required notification. Super-Visions provides enforcement of removable device usage and data encryption policies, central management of devices and data using a whitelist / “default deny” approach, and enablement of productivity-enhancing tools while limiting the potential for data leakage and its impact.
- Application Control
Prevent unauthorized software applications. The battle to protect your network from unauthorized software is a costly, ongoing struggle that takes up valuable IT resources and time. When a new threat appears, you have to stop what you’re doing and immediately act to protect your data, taking valuable time away from daily activities.
With Super-Visions application control monitoring, you have the benefit of endpoint protection from malware without relying on signature updates, optimized IT support with fewer helpdesk calls caused by unauthorized software, improved system availability and service levels by preventing known and unknown threats, and audit-readiness with detailed tracking of all application execution attempts and policy changes.
As always, all monitoring is non-intrusive for the systems and networks and fully integrated with existing or other monitoring systems or service management tooling.
