Network Security Monitoring (Behavioural Analysis)
CNS Mosaic Managed Services use a Unified Security Management (USM) Platform to provide Network Security Monitoring.
The USM service provides comprehensive security visibility and is critical in uncovering security breaches. It gives a holistic view of events across customer networks and reflects the need to identify security incidents at various touch points:
Asset Discovery and Inventory
The asset discovery module utilises built-in active network scanning, passive network monitoring, asset inventory and host-based software inventory components. These are used to provide visibility of the assets on customers' networks to ascertain:
- What devices are on my network?
- What are users doing?
- What vulnerabilities exist in my network?
- Are there known attackers trying to interact with my network?
- Are there active threats in my network?
Behavioural monitoring for networks and systems is essential for spotting unknown threats. It is also useful in investigating suspicious behaviour and policy violations.
It is designed to understand “normal” system and network activity. Using the built-in network behaviour monitoring, CNS can provide incident response when investigating an operational issue or potential security incident. Additionally, because CNS can combine network behavioural analysis with service availability monitoring, they are able to provide a full picture of system, service, and network anomalies.
Log collection is the ability to ingest log data into the system for automatic import and integration. This is a fundamental principle of the service because without it the current security posture of a network cannot be ascertained.
Network Flow Analysis
Network flow analysis performs network behaviour analysis without needing the storage capacity required for full packet capture. It provides the high-level trends related to what protocols are used, which hosts use each protocol, and the bandwidth usage. This information can then be accessed in the same interface as the asset inventory and alarm data to simplify incident response.
The service provides the following benefits to customers:
- 24 x 365 Monitoring – someone is watching the system all the time and this offloads the need for a 24 x 365 internal response team.
- Expert and knowledgeable response to IT, network and security events.
- A defence policy defines how to filter alerts and what to respond to.
- The service responds to suspicious activity, either external or internal, with source and destination addresses, actions taken and impact.
- Log event storage - secure storage, retention and deletion of logs.
- All signature updates applied by CNS Service Desk and tested beforehand.
- All lifecycle management updates and patches, managed by CNS as part of the managed service.
- Fixed annual cost for managed service, appliance and all updates.
Our security experts will plan and deploy the devices and manage the on-going tuning and configuration updates to ensure maximum protection of your sites and their assets.