Network Security Monitoring with the IPCopper USC8032

In addition to threat detection, network security monitoring with the USC8032 also incorporates analytics and forensics, allowing admins to integrate data collection and analysis in order to build a real-time contextual view of the network environment. Itís not about building a fortress around your network, but rather increasing security visibility in the face of persistent attackers and ever-evolving techniques so that you can spot and investigate potential security issues, accelerate threat detection and determine the scope of network compromises.

To set up a network security monitoring with the USC8032, first make a list of your goals, be they watching for specific threats, overseeing aggregate traffic volume for the whole network, select segments or specific equipment, tracking traffic from certain internet locations or managing other tasks. The USC8032ís thousands of rules and virtual data ďbucketsĒ allow you to set up monitoring structures for multiple and varied network security tasks.

The next step is to create rule and keyword/signature combinations to model the specific threats you would like to catch or describe the aggregate and specific network traffic behavior to be monitored. Then link each combination of rules for threats and network scenarios to its own bucket, so as to track each individually.

If desired, you may also set up individual triggers for each threat and scenario to send email notifications when the described threat events and modeled scenarios occur on the network. These alerts may be further refined with different parameters based on time of day and day of week, to account for a networks natural ebb and flow of traffic type and volume during working and non-working hours.

While the data buckets may be used purely for statistics and alerts, they may also accumulate the actual matching packets and thereby facilitate analysis and forensic investigation as well as enable real-time graphing and visualization of the threat activity via the USC8032ís graphical XML Workspace.

Post-incident and as new threats emerge and evolve, more rule set combinations may be created to track them. With high-speed packet processing and up to ten thousand possible rules, the USC8032 can monitor a large number of threats at multigigabit speeds (please see the USC8032ís benchmark test results for more performance information).

Questions? Please feel free to contact us for more information about the USC8032.

Report: Marketing Cybercrime to Infect America