No matter how fine your defense systems are, you need someone to make sense of the huge amount of data churned out by edge devices such as firewalls and by the system logs. The typical enterprise logs about 2-3 GB/day, though the size varies with the enterprise. The main goal of forensic software is to mine through this vast amount of information and pull out the events that need attention. "Network security" software plays a major role in identifying the causes of incidents and the security breaches that are happening in the enterprise.
One of the major areas that any network security product needs to address is providing a collective view of virus attacks across the different edge devices in the network. What this offers an enterprise is a holistic view of the attacks happening across the enterprise. It offers a detailed overview of bandwidth usage; it should also provide user-based access reports. The product has to highlight security breaches and misuse of internet access, which will enable the administrator to take the necessary steps. The edge device monitoring product also has to provide other things such as traffic trends, insight into capacity planning, and live traffic monitoring, which will help the administrator find the causes of network congestion.
The internal monitoring product has to offer audit information on users, system security breaches, and activity audit trails (e.g. remote access). As most administrators are ignorant of the requirements of the compliance acts, it is better to cross-reference which acts apply to their enterprise and ensure that the product supports reporting for those compliance acts.
Sunday, March 12, 2006