Learn about how network data from various sources to improve network security. Jungwoo explains how the data from the diverse sources constituting your network can be a powerful tool to enhance your security once conslidated and analyzed systematically.
- It is unimaginable to think of network security without data. None of the well-known network security tools can function without access to network data. Therefore, readily available data in various forms is crucial in ensuring network security. This network data comes from many different sources. Network packets are the most obvious data source.
Firewalls are another data source and create log entries whenever they drop a packet. IDSs and IPSs also produce data in the form of alerts when they detect and discard suspicious attack packets. Same goes for vulnerability management systems. Network software applications and operating systems like Windows or MacOS are also a major producer of network security relevant data.
Since there are many disparate sources of network data, interoperability is very important. That is, it should be possible for the data generated by each source to be forwarded to, and usable by, a collection system such as SIN for further analysis. Once aggregated, all this data from the diverse origins I mentioned, can produce much more powerful insight on your network security than when they exist in silos.
Remember that consolidation is the key to solve this very complex puzzle of network security challenges.
- Network security concepts
- The basic functions of a firewall
- Intrusion detection and prevention systems
- Using network data to improve security
- Using log servers to collect data
- Collecting application data
- Collecting OS data
- Network forensics
- Network security visualization