caplon service and security monitoring
Integrated Service & Security Monitoring solution for complex network infrastructures
caplon© Service & Security Monitoring provides a comprehensive overview of the events taking place in the network. As a result, technical staff, IT security experts and management have individual, selective views on the company networks, which enable them to reduce risks from cyber threats and costs due to technical incidents.
Increased network resilience through permanent vulnerability scanning
- Detection of typical gateways and policy violations at the perimeter
- Detection of OT/IT vulnerabilities and system vulnerabilities in real time
- Checking of compliance rules, with results shown in a continuously updated event monitor
- Presentation of the analysis results in clear reports
- No additional network load due to purely passive analyses
Checking network traffic for anomalies in order to detect attacks at an early stage
- Detection of anomalies (e.g. during an attack) based on the communication characteristics collected from network traffic, with a low false-positive rate
- Higher protection especially against unknown forms of attacks
- Improved analysis quality through self-learning anomaly detection (machine learning algorithms)
- Clear presentation of anomaly monitoring in a real-time monitor
Detection of hidden control communication and APTs
- Detection of hidden channels for malware control and data exfiltration
- Detection of infection attempts via manipulated network connections (manipulation of routing protocols, quantum insert, etc.)
- Detection of virtual tunnels (gate, VPN, etc.)
- Investigation of generic patterns ---> detection of previously unknown attacks (signature-based methods require that the corresponding type of attack has already been analyzed beforehand)
Why security monitoring?
- IDS systems and next-generation firewalls search for signatures. This requires that the type of attack is already known and has been analyzed beforehand; they do not help against zero-day exploits.
- Firewalls block unauthorized access at the perimeter. Advanced attackers can usually overcome firewalls, and malware can also get into companies via social engineering and phishing or via infiltrated websites. On average, it takes companies more than 200 days to detect that an attack is in progress.
- It therefore makes sense to look at what is happening in your own network.
---> The BSI recommends the introduction of monitoring and anomaly detection for production networks (BSI-CS 134).
Behavioural analysis and anomaly detection
Attackers leave tracks:
- Suspicious network traffic to command and control servers or generally never-before-seen communication relations
- Abnormal user behavior, e.g. log-in at unusual times
- Strange behavior of systems and burst-like events
- Unusually high load on systems / high number of queries
- Modified payload in standard protocols
These behaviours can already be effectively monitored with caplon© service monitoring.
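As an added illustration of the baseline-and-compare idea behind the first and fourth tracks above (example code, not caplon's own implementation or algorithm): communication relations seen in a learning window form the baseline, and a later monitored window is checked for never-before-seen relations and burst-like increases in request counts. The flow-record fields, the sample values and the burst threshold are assumptions.

```python
from collections import Counter

# Constructed flow records: (src, dst, dst_port, bytes). Learning window
# (assumed to cover the same duration as the monitored window below).
BASELINE = [
    ("10.0.1.5", "10.0.2.10", 443, 1200),
    ("10.0.1.5", "10.0.2.10", 443, 900),
    ("10.0.1.6", "10.0.2.11", 3306, 4000),
    ("10.0.1.6", "10.0.2.11", 3306, 3900),
    ("10.0.1.7", "10.0.2.12", 53, 80),
]

# Constructed monitored window: one known relation, one relation never seen
# before (203.0.113.9 is a documentation address), and a burst of DNS queries.
MONITORED = [
    ("10.0.1.5", "10.0.2.10", 443, 1100),
    ("10.0.1.5", "203.0.113.9", 8443, 300),
] + [("10.0.1.7", "10.0.2.12", 53, 80)] * 7


def build_baseline(flows):
    """Return the set of known (src, dst, port) relations and the number of
    flows each source produced during the learning window."""
    relations = {(src, dst, port) for src, dst, port, _ in flows}
    per_src = Counter(src for src, *_ in flows)
    return relations, per_src


def detect(flows, relations, per_src, burst_factor=3.0):
    """Flag relations absent from the baseline and sources whose flow count
    exceeds burst_factor times their baseline count (assumed threshold)."""
    alerts = []
    for src, dst, port, _ in flows:
        if (src, dst, port) not in relations:
            alerts.append(("new-relation", src, dst, port))
    counts = Counter(src for src, *_ in flows)
    for src, n in counts.items():
        base = per_src.get(src, 0)
        if n > burst_factor * max(base, 1):
            alerts.append(("burst", src, n, base))
    return alerts


def run():
    relations, per_src = build_baseline(BASELINE)
    return detect(MONITORED, relations, per_src)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

A real deployment would keep separate baselines per time-of-day and age out stale relations, which this minimal check does not do.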
Service monitoring for the implementation of measures recommended by NIST
In the context of IT security, essential measures can be implemented with caplon© service monitoring:
- Asset exploration, detection of shadow IT
- Analysis and monitoring of communication relations
- Analysis and monitoring of system behavior (protocols, data volumes, error codes, …)
- Analysis and monitoring of WAN routes and Internet accesses
- Analysis of burst-like events
Why service AND security monitoring?
By combining the technical and security views, IT teams can better assess security alerts:
- Differentiation between cyber attack and technical incident
- Behaviour of the systems (protocols, data volumes, error codes, …) in the past and at the time of an alarm
- Communication relations of affected systems
- Insight into network packets as needed
- Efficient forensic analysis
caplon© security monitoring complements caplon© service monitoring with passive vulnerability analysis, enhanced behavioral analysis and APT detection.