
Network security and management (15CS62T) Security monitoring

Security monitoring
Security monitoring, sometimes referred to as "security information monitoring
(SIM)" or "security event monitoring (SEM)," involves collecting and analyzing
information to detect suspicious behavior or unauthorized system changes on
your network, defining which types of behavior should trigger alerts, and taking
action on alerts as needed.

Security monitoring software detects and analyzes vulnerabilities, alerting you
of potential security issues. Cybersecurity warnings allow you to quickly protect
your organization from network intrusions and subsequent disasters.

Security monitoring software collects metrics around client-server
communications, network payload, encrypted traffic sessions, and other
network operations to uncover cybersecurity threats. You can also use the
network security monitoring software to detect patterns in network traffic flows.

Moreover, you can use the software to generate automatic security alerts and
reports, enabling you to quickly respond to any suspicious activity and take
appropriate remedial actions.

Leverage visualizations such as charts and graphs provided by network security
monitoring tools to pinpoint malicious activities and troubleshoot cybersecurity
threats.

VI Sem, Dept of CSE, Siddaganga Polytechnic, Tumkur 1



The Difference Between Network Monitoring and Security Monitoring

A network monitoring application examines and tracks network activity for
problems caused by malfunctioning hardware or overloaded resources such as
servers, routers, and network connections. Network monitoring measures three
main metrics:

• Network availability (uptime). This indicates how well the network
  responds to the connectivity and throughput demands.
• Network performance. This measures the network’s bandwidth,
  throughput, latency, error rates, and jitter.
• Network configuration. This process assigns network settings, policies,
  controls, and flows to support communication.

A network monitoring tool can alert you by short message service (SMS) or
email when it detects any problem with availability, performance, or
configuration.

As a network administrator, you need to understand your network topology,
configurations, performance, and even security to troubleshoot and correct the
problem.


A network security monitoring system, in contrast, protects the organization
from potential vulnerabilities and exploits.

Unlike network monitoring that offers generic monitoring, network security
monitoring analyzes multiple factors, including:

• Network payload
• Network protocols
• Client-server communications
• Traffic patterns
• Encrypted traffic sessions
• Traffic flow

The primary goal of network security monitoring is to provide continuous
service that checks the business environment for suspicious activities and
threats.

IT teams can then investigate the reported activities and take appropriate
corrective measures.

Although distinct, network monitoring and network security monitoring tools
often overlap. For example, the focus of network monitoring is to help you
understand the composition, availability status, performance, and configuration
of the network components.

However, network security monitoring is woven inextricably into each network
monitoring responsibility.

For example, you cannot achieve high throughput if an attacker floods the
network with malware that takes advantage of network configurations, leaving
your network vulnerable to exploits.

For these reasons, it’s typical to have network administrators work directly with
security teams to perform several tasks and correlate results.


Advantages of Security Monitoring

You cannot achieve effective security without vigilance, and the cybersecurity
world is no different. Network security monitoring is the best way to stay
vigilant in a connected world.

Some advantages of network security monitoring are shorter cyber-threat
response times, easier security testing, and easier detection of subtle and new
threats.

Minimize the Cyber-Threat Response Time Significantly

Most attackers seem to seek out easy targets that have unprotected systems or
don’t watch their networks closely enough. Network security monitoring can
help you reduce the response time if a hacker tries to intrude.

Without an effective security monitoring solution, it can take months for you to
discover that your company has been hacked.

Simplify Security Testing

With an appropriate network security monitoring application, you can always
tweak the configurations in the settings menu. You can then use the application
to test the network to determine if it is still foolproof after configuring the
settings to your liking.

Discover new threats

Because the cybersecurity landscape is changing continuously, you need an
intelligent tool that does not simply rely on known threats. With an effective
network security monitoring solution, you can always look for suspicious
activities and take corrective measures.

By discovering non-specific patterns, network monitoring solutions can help
you detect new threats such as “zero-day” attacks that would otherwise have
been difficult to detect.

Detect subtle threats more easily

Some attacks are obvious to detect in the network, while others are elusive. For
example, a blatant ransomware attack could lock up the entire PC, only
displaying the ransom note. On the other hand, bandwidth hijacking and botnets
are far more challenging to detect.

An effective network security monitoring solution can help you keep an eye on
any abnormal pattern, such as bandwidth hijacking and distributed denial-of-
service (DDoS) attacks.
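
The difference between a single alert limit and a per-host baseline for spotting the abnormal bandwidth patterns described above, as an added example that is not part of the original notes. The host addresses, traffic figures and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: outbound kilobytes per hour for two internal hosts.
SAMPLE = {
    "10.0.0.5": [120, 130, 110, 125, 115, 128, 2400, 122],  # quiet host, one burst
    "10.0.0.9": [800, 820, 790, 810, 805, 815, 800, 795],   # busy but steady server
}
# Flatten into (hour, host, kilobytes) summaries, the shape a flow collector exports.
FLOWS = [(hour, host, kb) for host, series in SAMPLE.items()
         for hour, kb in enumerate(series)]


def hourly_totals(flows):
    """Sum outbound kilobytes per host per hour."""
    totals = defaultdict(lambda: defaultdict(int))
    for hour, host, kb in flows:
        totals[host][hour] += kb
    return totals


def fixed_threshold_alerts(flows, limit_kb):
    """Naive rule: alert whenever any host exceeds one network-wide limit."""
    return sorted((host, hour) for host, hours in hourly_totals(flows).items()
                  for hour, kb in hours.items() if kb > limit_kb)


def baseline_alerts(flows, threshold=3.5, min_history=4):
    """Alert when a host's hour is far above that host's own earlier hours.

    Uses the modified z-score (median and median absolute deviation), which a
    single past burst cannot drag upward the way a mean would.
    """
    alerts = []
    for host, hours in hourly_totals(flows).items():
        ordered = sorted(hours)
        series = [hours[h] for h in ordered]
        for i in range(min_history, len(series)):
            history = series[:i]
            med = median(history)
            mad = median(abs(v - med) for v in history)
            # Perfectly flat history gives MAD 0; floor the spread to avoid
            # dividing by zero and alerting on trivial changes.
            spread = max(mad, 0.01 * med, 1.0)
            score = 0.6745 * (series[i] - med) / spread
            if score > threshold:  # only upward deviations are of interest here
                alerts.append((host, ordered[i], series[i]))
    return sorted(alerts)
```

On this sample a 500 KB limit fires on every hour of the steady server, a 3000 KB limit misses the burst entirely, and the per-host baseline flags only the burst on 10.0.0.5.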

Protecting Your Data with Parallels RAS

Digitization is no longer a competitive advantage or savvy option for today’s
businesses—it’s a necessity. However, as more and more companies undergo
digital transformation, cybersecurity attacks rise.

Secure and reliable networks safeguard the organization’s operations and
interests and any customer who exchanges data with the company.

Parallels® Remote Application Server (RAS) is an all-in-one, secure-by-design
desktop virtualization solution that simplifies access to corporate resources
while promoting organization productivity.

As a desktop virtualization solution, Parallels RAS centralizes the management
of IT resources. This provides employees with encrypted connections to the
datacenter using transport layer security (TLS) and Federal Information
Processing Standard (FIPS) 140-2 protocols.

IT teams can enable the right level of access to corporate resources based on
device, user profiles, network, or even location, for every employee, partner, or
contractor.

Centralized IT administration and access control policies allow the organization
to prevent data loss, ensure privacy and safeguard organization assets while
comprehensive real-time monitoring and reporting support compliance efforts.


Disadvantages of Security Monitoring

Security monitoring users may rest assured that their data is secure and well
protected. The credit goes to the competency of network security. The area
does, however, have a few drawbacks, though none serious enough to outweigh
its benefits. Let us look into the few disadvantages of network security.

Expensive Set-Up

The installation of a network security solution might be costly. The expense of
purchasing software, installing it, and so on can add up quickly, especially in
smaller networks.

We're not talking about a single computer here, but rather a network of
computers that can store vast amounts of data. Since security is so important, it
will undoubtedly cost more. It must not be overlooked at any cost.

Time Consuming

Some of the software on some networks is difficult to use. To maintain double
security, it requires authentication using two passwords, one of which must be
entered every time you update a document.

It also necessitates the use of numbers, special characters, and alphabets in the
passwords. It's possible that the user will have to type a number of example
passwords before settling on one, which can take a long time.

Necessitates the employment of qualified personnel

Managing huge networks is a difficult endeavor. It necessitates highly trained
experts capable of dealing with any security issue that may develop. To
guarantee that the network runs well, a network administrator must be hired. To
meet the criterion, he must be properly trained.


Unscrupulous administration

When the best software is deployed and put in place and all of the necessary
tasks have been completed, it is natural for the administrator to become careless
at times. It is his responsibility to review the logs on a frequent basis in order to
keep an eye on the malicious users.

But there are instances when he simply trusts the system, and this is when the
attack occurs. Consequently, it is critical that the administrator be watchful at all
times.

Conclusion
Security monitoring operation within their organization. I used the open source
SO suite to show how to put NSM to work in a rapid and cost-effective manner.
This final section of the book shows several other options for NSM and related
operations. My goal is to show how NSM applies to other areas of digital
defense and how I think NSM will adapt to increasingly complex information
processing requirements.
