caplon service and security monitoring

Integrated Service & Security Monitoring solution for complex network infrastructures

caplon© Service & Security Monitoring provides a comprehensive overview of the events taking place in the network. As a result, technical staff, IT security experts and management have individual, selective views on the company networks, which enable them to reduce risks from cyber threats and costs due to technical incidents.

Increased network resilience through permanent vulnerability scanning

  • Detection of typical gateways and policy violations at the perimeter
  • Detection of OT/IT vulnerabilities and system vulnerabilities in real time
  • Checking of compliance rules, with results shown in a permanently updated event monitor
  • Presentation of the analysis results in clear reports
  • No additional network load due to purely passive analyses

Checking network traffic for anomalies in order to detect attacks at an early stage

  • Detection of anomalies (e.g. during an attack) based on communication characteristics collected from the network traffic, with a low false-positive rate
  • Higher protection especially against unknown forms of attacks
  • Increasing analysis quality by self-learning anomaly detection (machine learning algorithms)
  • Clear presentation of anomaly monitoring in a real-time monitor

Detection of hidden control communication and APTs

  • Detection of hidden channels for malware control and data exfiltration
  • Detection of infection attempts by manipulated network connections (manipulation of routing protocols, Quantum Insert, etc.)
  • Detection of virtual tunnels (gate, VPN, etc.)
  • Investigation of generic patterns, which allows detection of previously unknown attacks (signature-based methods require that the corresponding type of attack has already been analyzed beforehand)

Why security monitoring?

  • IDS systems and next-generation firewalls search for signatures. This requires that a certain type of attack is known and has been analyzed beforehand. They do not help with zero-day exploits.
  • Firewalls block unauthorized access at the perimeter. Advanced attackers can usually overcome firewalls. Malware can also get into companies via social engineering and phishing or via infiltrated websites. On average, it takes more than 200 days for companies to detect that an attack is under way.
  • It therefore makes sense to look at what is happening in your own network. The BSI recommends the introduction of monitoring and anomaly detection for production networks (BSI-CS 134).

Behavioural analysis and anomaly detection

Attackers leave tracks:

  • Suspicious network traffic to command and control servers or generally never-before-seen communication relations
  • Abnormal user behavior, e.g. log-in at unusual times
  • Strange behavior of systems and burst-like events
  • Unusually high load on systems / high number of queries
  • Modified payload in standard protocols

These behaviours can already be effectively monitored with caplon© service monitoring.

Service monitoring for the implementation of measures recommended by NIST

In the context of IT security, essential measures can be implemented with caplon© service monitoring:

  • Asset exploration, detection of shadow IT
  • Analysis and monitoring of communication relations
  • Analysis and monitoring of system behavior (protocols, data volumes, error codes, …)
  • Analysis and monitoring of WAN routes and Internet accesses
  • Analysis of burst-like events

Why service AND security monitoring?

By combining the technical and security views, IT teams can better assess security alerts:

  • Differentiation between cyber attack and technical incident
  • Behaviour of the systems (protocols, data volumes, error codes, …) in the past and at the time of an alarm
  • Communication relations of affected systems
  • Insight into network packets as needed
  • Efficient forensic analysis

caplon© security monitoring complements caplon© service monitoring with passive vulnerability analysis, enhanced behavioral analysis and APT detection.
