Security Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements

In a recent blog, Anton Chuvakin, a research director at Gartner's IT1 Security and Risk Management group, summarized a SIEM use case example. The example is tracking user authentication information across systems in order to detect unauthorized access. To serve this user authentication use case described by Chuvakin (as well as others), Juniper recently launched the next version of its SIEM offering called Juniper Networks Secure Analytics (formerly the STRM Series).

 

Briefly, this is how it works. IT prepares the relevant list of systems (e.g., servers, network devices, and others) for data collection. Next, a system operator modifies the logging configurations for collection by Secure Analytics. As Secure Analytics collects the event and flow data from the systems, it also aggregates and analyzes the data, alerting the administrator, based on default or custom rules, on findings. An example of such findings could be authentication failures on the same source IP address more than three times, across more than three destination IP addresses within 10 minutes. This may indicate unauthorized access.
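The correlation rule described above, implemented as an added example (this is not Secure Analytics code or its rule syntax): a sliding ten-minute window over constructed authentication-failure events flags any source IP with more than three failures spread across more than three destination IPs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth-failure events, not taken from the original post:
# (timestamp, source IP, destination IP). 10.1.1.50 hits four hosts in under
# ten minutes; 10.1.1.77 fails five times but against a single host.
SAMPLE_EVENTS = [
    ("2013-05-01 10:00:05", "10.1.1.50", "192.168.1.10"),
    ("2013-05-01 10:01:10", "10.1.1.50", "192.168.1.11"),
    ("2013-05-01 10:03:30", "10.1.1.50", "192.168.1.12"),
    ("2013-05-01 10:07:45", "10.1.1.50", "192.168.1.13"),
    ("2013-05-01 10:02:00", "10.1.1.77", "192.168.1.10"),
    ("2013-05-01 10:02:30", "10.1.1.77", "192.168.1.10"),
    ("2013-05-01 10:03:00", "10.1.1.77", "192.168.1.10"),
    ("2013-05-01 10:03:30", "10.1.1.77", "192.168.1.10"),
    ("2013-05-01 10:04:00", "10.1.1.77", "192.168.1.10"),
    ("2013-05-01 10:20:00", "10.1.1.50", "192.168.1.14"),
]

def parse(events):
    """Convert string timestamps to datetime objects."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, dst)
            for ts, src, dst in events]

def find_spray_sources(events, min_failures=4, min_targets=4,
                       window=timedelta(minutes=10)):
    """Return {source_ip: (failures, distinct_targets)} for every source that,
    inside some sliding window, fails at least `min_failures` times against at
    least `min_targets` distinct destinations ("more than three" == four+)."""
    by_src = defaultdict(list)
    for ts, src, dst in sorted(parse(events)):   # chronological order
        by_src[src].append((ts, dst))
    hits = {}
    for src, fails in by_src.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until fails[start..end] fit in it.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            win = fails[start:end + 1]
            targets = {dst for _, dst in win}
            if len(win) >= min_failures and len(targets) >= min_targets:
                hits[src] = (len(win), len(targets))
                break   # one alert per source is enough
    return hits
```

Tightening `min_targets` to 1 turns the rule into a plain brute-force detector, which also catches the single-host source.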

 

What next? Having discovered a burst of failed authentication attempts from that IP address, you may ask, “What else has the device using that IP been doing on the network?” You can answer that by analyzing the flow data—which will show connections to malicious sites, conversations using protocols that violate security policies and/or best practices, as well as conversations of unusually long duration. By collecting flow data from switches and routers together with security events from, say, firewall, antivirus, IPS and even Web Application Security systems, you can get a complete picture of the current threat landscape.

 

Generally, Secure Analytics can help IT network security administrators make sense of large volumes of data—often from disparate sources—so that they can easily learn about threats and take measures to protect the network. Although we’ve only discussed the user authentication use case here, Secure Analytics can be utilized for additional use cases such as VPN monitoring for campus and branch deployments, automatic remediation of mobile devices that violate Enterprise BYOD policies, as well as use cases for Service Provider and MSSP deployments.

 

Makes good sense, no?
