N REPORTER 20130816 Integrated Management of Security incident and Network System Solutions

Transcript of N REPORTER 20130816 Integrated Management of Security incident and Network System Solutions.

Page 1

N-Reporter

20130816

Integrated Management of Security incident and Network System Solutions

Page 2

Are you really protected after purchasing network security equipment?

Protection from IPS/IDP/UTM/NGFW/WAF: how do you confirm that the network security protection is effective?

Potential inner threats are not radically eliminated.

Blind spot of network security equipment: legal behaviour performed by the wrong executor.

Who is playing tricks inside a dynamically allocated IP environment?

Page 3

What do corporations need when facing the threat of a security incident?

Trojans, worms, viruses and spyware.

Malicious websites, phishing websites.

Various HTML injection attacks.

Threats from 3G mobile internet.

Page 4

An analyzable reporting system is necessary for your network security!

Page 5

What is a LOG? Why is LOG management needed?

All equipment in the network environment produces LOGs.

A LOG records the time and the events between users and systems. Network security equipment (IPS, firewall) records the activities of a certain IP as permit / block. A router records the traffic utilization of a certain IP. A server records the work executed by a certain user from a certain IP.

The purpose of LOG management is to reconstruct the original conditions when an incident occurred!

Page 6

Blind spots of LOG Management

Numerous kinds of equipment; every kind of complicated LOG must be managed by professionals.

How to find the real problem when facing a huge volume of LOGs? How to store and query efficiently? How to conform to laws and regulations?

Page 7

Impacts on corporations from the new version of the Personal Information Protection Act!!

The new version of the Personal Information Protection Act applies to all corporations and individuals.

The maximum indemnity can be up to 200 million dollars for the loss from a single event.

When facing an accusation, the corporation has to prove that it acted unintentionally and beyond reproach.

Page 8

Centralized control and management of all LOGs.

LOG normalization → standardized format and query interface.

Long-term preservation and quick examination of history records.

Real-time alerts → 24-hour uninterrupted protection.

Assurance of LOG integrity.

The original LOG is hard to read!

LOG management is no longer just for audit, but for reducing the company's losses!!

Page 9

If you are looking for...

► Syslog records – storing / audit / query equipment

► Flow (NetFlow / sFlow) analysis system

► Incident correlation and risk management platform

► Immediate trend analysis for abnormalities

► Chinese reports generated and delivered regularly

N-Reporter integrates all the above functions into one machine!

Page 10

Syslog records – storing / audit / query equipment

Syslog data storing / query function. Simple installation with the best performance under an appliance architecture.

Integrated analysis for all network equipment.

The best assistant audit tool for the Personal Information Protection Act.

Page 11

All-in-one Appliance Hardware Specification

19-inch standard chassis

Intel(R) Xeon(R) CPU E31230

16G RAM

1G DOM for OS and AP

2T HD for Syslog

2T/4T/6T HD for Flow

Installation completes in 5 minutes.

No need for users to purchase extra hardware, operating system or database.

RMA for damage within warranty.

Built-in WEB/CLI, easy for managing and troubleshooting.

Stays online to the original manufacturer to automatically detect the latest firmware image.

Can be set up to use an external NFS disk.

Page 12

Best Analytic Tool for Audit!!

► Receives all kinds of LOG

Security Syslog: IPS/IDS, UTM, WAF

Flow: NetFlow (v5/v9) / sFlow / JFlow

Syslog Traffic: Firewall

Server / Application: Web Server (Apache), Database (Oracle, MSSQL), Server (Linux, Mail)

Integrating the LOGs of all equipment, managers no longer need to cross-query.

[Diagram labels: Internet, Home, Router, Firewall, Non-Home, PC / Server, Network Security, Switch, IPS, N-Reporter]

Page 13

Assurance of Data Integrity

► All data is encoded/signed/encrypted when stored to ensure the integrity of the data

SHA-256 signature and DES-256 encryption. A built-in data compression mechanism substantially increases storage capacity. Certification approved by NIST CAVP FIPS 140-2 for integral data storing.

► Data storage completeness: supports automatic daily database backup; supports external NFS disk; supports export of the original raw data.

► Built-in diagrams of data usage conditions and estimation of remaining storage days

[Chart labels: Diagram of database condition; Percentage of information from all equipment]
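The slide states that stored data carries a SHA-256 signature so its integrity can be checked. The following is an added example, not N-Reporter's code, showing one way such a check can work: each raw log record gets an HMAC-SHA256 tag that also covers the previous record's tag, so an edited, deleted or reordered record is detected when the chain is verified. The signing key, record layout and sample syslog lines are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key. In production the key lives in a key store or HSM,
# never next to the log data it protects.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
CHAIN_ANCHOR = b"\x00" * 32   # stands in for the "previous tag" of the first record


def seal_records(records, key=SIGNING_KEY):
    """Store each raw line with an HMAC-SHA256 tag chained to the previous tag."""
    sealed = []
    prev_tag = CHAIN_ANCHOR
    for seq, line in enumerate(records):
        msg = json.dumps({"seq": seq, "raw": line}, sort_keys=True).encode()
        tag = hmac.new(key, prev_tag + msg, hashlib.sha256).digest()
        sealed.append({"seq": seq, "raw": line, "tag": tag.hex()})
        prev_tag = tag
    return sealed


def verify_chain(sealed, key=SIGNING_KEY):
    """Return (ok, first_bad_seq), recomputing every tag from the stored raw data."""
    prev_tag = CHAIN_ANCHOR
    for expected_seq, rec in enumerate(sealed):
        if rec["seq"] != expected_seq:
            return False, expected_seq          # a record was dropped or reordered
        msg = json.dumps({"seq": rec["seq"], "raw": rec["raw"]}, sort_keys=True).encode()
        tag = hmac.new(key, prev_tag + msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, bytes.fromhex(rec["tag"])):
            return False, expected_seq          # the raw content was altered
        prev_tag = tag
    return True, None


# Constructed sample syslog lines.
SAMPLE_LOGS = [
    "Aug 16 09:00:01 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 DPT=23",
    "Aug 16 09:00:02 fw01 kernel: ACCEPT IN=eth0 SRC=192.0.2.44 DST=203.0.113.10 DPT=443",
    "Aug 16 09:00:05 srv01 sshd[2211]: Failed password for root from 198.51.100.7 port 51022",
]


def demo():
    """Seal the sample, then verify the intact store, an edited copy and a copy with a gap."""
    store = seal_records(SAMPLE_LOGS)
    intact = verify_chain(store)
    edited = [dict(r) for r in store]
    edited[0]["raw"] = edited[0]["raw"].replace("DROP", "ACCEPT")
    edited_result = verify_chain(edited)
    deleted_result = verify_chain(store[:1] + store[2:])
    return intact, edited_result, deleted_result


if __name__ == "__main__":
    print(demo())
```

Verification needs the key, so only the party holding it can confirm integrity; an auditor who must verify without the key would instead be given a signed digest of the final chain tag.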

Page 14

Supporting multiple logical queries and operations

Supports the keywords +(or) and !(not) when searching incidents. IP filter definitions also support the logical operators +(or) and !(not). Multiple query conditions can be combined from all kinds of arguments (source equipment / incident type and level / action response / port / country / flow filter). Drill down directly from Top N reports, time-based reports and trend analysis.

Page 15

Analysis Function of Flow / Traffic

Flow Analysis Function: flow analysis and Top N ranking can compare usage between groups. Flow charts drawn from Flow or Traffic data support long-term monitoring and give a warning when the threshold is exceeded.

Page 16

Quickly lock onto abnormal IPs by Flow Chart

Page 17

Huge Packet Attack Causing Security Equipment Paralysis

► Find out the key point by Flow when security equipment breaks down: a flow of 60M/s is not huge, but 170k packets per second can paralyze security equipment. After the problem is confirmed, go further to lock onto the key IP and solve the problem.

[Chart caption: 170k packets per second can paralyze information security equipment.]
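The point of this slide is that a bandwidth-only ranking misses a packet flood whose bit rate looks modest. As an added example (not N-Reporter's code), the block below aggregates constructed NetFlow-style records per source IP, derives packets-per-second and bits-per-second, and flags sources that exceed a packet-rate limit while staying under the bandwidth limit. The record layout, thresholds and sample values are constructed for the example.

```python
from collections import defaultdict

# Constructed NetFlow-style records for one 1-second window:
# (src_ip, dst_ip, dst_port, packets, bytes)
FLOW_WINDOW_SECONDS = 1
SAMPLE_FLOWS = [
    ("192.0.2.10", "203.0.113.5", 443, 800, 12_000_000),      # bulk download: many bytes, few packets
    ("192.0.2.10", "203.0.113.9", 443, 120, 90_000),
    ("198.51.100.7", "203.0.113.5", 53, 170_000, 11_000_000), # tiny packets, very high pps
    ("192.0.2.33", "203.0.113.8", 25, 40, 60_000),
]

# Constructed limits: the pps an inline device can inspect, and a bit rate below
# which the slide's "flow of 60M/s is not huge" judgement applies.
PPS_THRESHOLD = 100_000
BPS_THRESHOLD = 100_000_000


def aggregate_by_source(flows, window=FLOW_WINDOW_SECONDS):
    """Sum packets and bytes per source IP and convert to per-second rates."""
    totals = defaultdict(lambda: {"pps": 0.0, "bps": 0.0})
    for src, _dst, _port, pkts, nbytes in flows:
        totals[src]["pps"] += pkts / window
        totals[src]["bps"] += nbytes * 8 / window
    return dict(totals)


def flag_packet_floods(rates, pps_limit=PPS_THRESHOLD, bps_limit=BPS_THRESHOLD):
    """Sources whose packet rate is dangerous although their bit rate looks modest,
    highest pps first. A bandwidth Top N would not surface these."""
    hits = [(src, r["pps"], r["bps"]) for src, r in rates.items()
            if r["pps"] >= pps_limit and r["bps"] < bps_limit]
    return sorted(hits, key=lambda h: h[1], reverse=True)


def top_n(rates, key, n=3):
    """Top N ranking by 'pps' or 'bps'."""
    return sorted(rates.items(), key=lambda kv: kv[1][key], reverse=True)[:n]


if __name__ == "__main__":
    rates = aggregate_by_source(SAMPLE_FLOWS)
    print("Top by bandwidth:", top_n(rates, "bps", 1))
    print("Top by packets:  ", top_n(rates, "pps", 1))
    print("Packet floods:   ", flag_packet_floods(rates))
```

In the sample, 192.0.2.10 leads the bandwidth ranking while 198.51.100.7 is the only source over the packet-rate limit, which is exactly the case the slide describes.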

Page 18

Does a huge occupied volume always mean a problem?

[Chart labels: Ranking of IP usage. Ranking of protocol usage.]

Page 19

Function of Flow Reports

► Condition of Network Flow Usage: lists the bandwidth usage condition in the network environment.

Draws the flow chart with in / out / total traffic of a certain IP or a certain session.

Draws the traffic line chart of a certain application (such as Web or Mail).

Draws the flow chart of certain disturbing activities (such as BitTorrent or PPStream) or attacks (SQL injection or malicious programs).

Draws the flow chart of Critical / Major information security problems caused by the network environment.

► Top N Flow Ranking: lists the bandwidth usage ranking of IPs or applications.

Lists the flow usage ranking of certain sessions (such as a comparison between server farms or departments).

Lists the security event ranking caused by IP or session.

Page 20

Incidents Correlation and Risk Management Platform

Incident Correlation Analysis Function: integrates Flow data and security events completely, performing complete correlation from L3/L4 to L7.

Page 21

N-Reporter provides you full information on network usage!!

[Diagram labels: Syslog, NetFlow, Traffic; Router, Firewall, Server, Security Equipment]

Page 22

Querying the correlation of L3/L4 flow from L7 content

Page 23

Querying the correlation of L3/L4 flow from L7 content

Top N ranking report of security events.

Lists how much bandwidth was occupied by each incident in the Top N list.

Incidents that happen many times do not necessarily transmit a huge volume of packets and bytes!!!

[Chart labels: Content of incident. Bandwidth used by this incident.]

Page 24

Long-Term Monitoring – Time-based Reports

Provides 24-hour uninterrupted monitoring! Set up any long-term monitoring you want; the reports send warnings on abnormalities. For example, “Send out a Yellow notification when the traffic usage of servers is over 20M/s” or “Send out a Red warning when Telnet login failures exceed 500 times per minute”.

[Chart labels: Top N ranking report of security events. Lights displayed according to the threshold settings.]

Page 25

Abnormal Actions Trend Analysis

Real-time abnormality trend analysis function: automatically builds a threshold baseline by learning from history.

Immediate warning when abnormalities of Syslog incidents / huge flow traffic increase.

Blocks source IPs with increased abnormalities in batches.

Page 26

Trend Analysis: Actively Warning of Suddenly Increased Incidents and IPs

Automatically finds the incidents / source IPs / destination IPs that cause increasing abnormalities by comparing instant information against the baseline value calculated from history records.

List of the items most cared about. Discovers a sudden increase in abnormalities within 1-3 minutes. Convenient for users to control the abnormalities inside the environment. More than just a Reporter, it is an Analyzer for real-time analysis of network abnormalities with artificial intelligence.
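Pages 24 and 26 describe two alerting styles: a fixed time-based rule (“Red when Telnet login failures exceed 500 per minute”) and a baseline learned from history that flags a sudden increase. The added example below (not N-Reporter's code) shows both side by side: it counts “login failed” lines per minute from constructed Telnet syslog lines, applies a fixed Yellow/Red rule, and compares each minute against a baseline of mean plus three sample standard deviations computed from constructed history. The Yellow level (100 per minute), the baseline formula and the sample data are assumptions of the example; the Red level of 500 is the slide's own.

```python
import re
import statistics
from collections import Counter

# Constructed syslog lines covering two minutes of a Telnet service.
SAMPLE_SYSLOG = [
    "Aug 16 10:03:01 srv01 telnetd[411]: login failed for admin from 198.51.100.7",
    "Aug 16 10:03:20 srv01 telnetd[411]: login failed for root from 198.51.100.7",
    "Aug 16 10:03:41 srv01 telnetd[411]: login ok for alice from 192.0.2.15",
    "Aug 16 10:03:55 srv01 telnetd[411]: login failed for admin from 198.51.100.7",
    "Aug 16 10:04:02 srv01 telnetd[411]: login failed for admin from 198.51.100.7",
    "Aug 16 10:04:05 srv01 telnetd[411]: login failed for root from 198.51.100.7",
    "Aug 16 10:04:09 srv01 telnetd[411]: login failed for oracle from 198.51.100.7",
    "Aug 16 10:04:12 srv01 telnetd[411]: login failed for test from 198.51.100.7",
    "Aug 16 10:04:15 srv01 telnetd[411]: login failed for guest from 198.51.100.7",
    "Aug 16 10:04:19 srv01 telnetd[411]: login failed for admin from 198.51.100.7",
    "Aug 16 10:04:25 srv01 telnetd[411]: login failed for backup from 198.51.100.7",
]
# Constructed history: failures per minute over the preceding ten minutes.
HISTORY = [2, 3, 1, 4, 2, 3, 2, 3, 1, 2]

# Captures the HH:MM bucket of a failed Telnet login (constructed line format).
FAIL_RE = re.compile(r"^\w{3} +\d+ (\d\d:\d\d):\d\d \S+ telnetd\[\d+\]: login failed")


def failures_per_minute(lines):
    """Count 'login failed' events per HH:MM bucket."""
    counts = Counter()
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def fixed_level(value, yellow, red):
    """Static time-based rule: Red above `red`, Yellow above `yellow`, else Green."""
    if value > red:
        return "RED"
    if value > yellow:
        return "YELLOW"
    return "GREEN"


def learned_baseline(history, k=3.0):
    """Baseline = mean + k * sample standard deviation of historical per-minute counts."""
    return statistics.mean(history) + k * statistics.stdev(history)


def evaluate(lines, history, yellow=100, red=500):
    """Per minute: (count, fixed-rule level, whether the count exceeds the learned baseline)."""
    base = learned_baseline(history)
    return {minute: (n, fixed_level(n, yellow, red), n > base)
            for minute, n in sorted(failures_per_minute(lines).items())}


if __name__ == "__main__":
    print("baseline:", round(learned_baseline(HISTORY), 2))
    for minute, verdict in evaluate(SAMPLE_SYSLOG, HISTORY).items():
        print(minute, verdict)
```

In the sample, both minutes stay Green under the fixed rule, but the second minute (7 failures against a baseline of about 5.15) is reported as a surge: the learned baseline catches a change that is far below the static limit, which is why the two mechanisms complement each other.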

Page 27

Analysis of Flow Abnormality

Automatically filters 14 kinds of abnormalities from flow traffic, such as “IP/Port Scan”, “DDoS”, etc.

Guessing of account names and passwords is a sign of intrusion; an IP/Port Scan is the first step of a successful intrusion.

Instantly lock onto abnormalities of a certain IP or certain hosts under attack.

Page 28

Execute Blocking When Abnormality Occurs

[Diagram labels: N-Reporter; Router; Firewall; Switch; IPS; L7 Syslog Device; Log; Alert; BLOCK; Step 1 to Step 4]

Incidents and flow statistics found by the Syslog / Flow system are output to N-Reporter.

N-Reporter builds a rational baseline from the Syslog/Flow data.

Instant warnings when abnormalities increase.

After users receive the increased-abnormality warning, orders are given to block the attack.

Attacks coming from the outside network are blocked by the IPS/FW.

Unusual actions from the inside network are blocked by the inner switch.

Page 29

Chinese reports generated and delivered regularly

Function of Chinese Reports: various argument settings produce reports according to requirements.

Generates and delivers off-line reports automatically.

Supports IP-to-name mapping, making it easier to find out the real identity behind an IP.

Page 30

Automatically Producing All-Chinese Reports

Reports delivered periodically and automatically

Able to set working times and dates

Daily / weekly / bi-weekly / monthly / quarterly / half-year / annual reports

History report storage and query

Various output formats supported – PDF/CSV/XML

Page 31

Friendly User Operation Interface

► Supports IP-to-name mapping, making it easier to understand the real identity of an IP in reports.

► Quickly learned and easy to use.

Click directly to get detailed information.

Values shown on mouse hover.

User name displayed.

Page 32

Value Added Reports Analysis

Analyzing data by a specific user.

Regulation audit reports.

Abnormal audit analysis.

Page 33

Dynamic DHCP IP Environment – Windows AD Integration

[Diagram labels: Router, Firewall, L7 Syslog Device, Windows AD Server, Network Equipment, Windows Domain Users, N-Reporter]

Network equipment: incidents and flow statistics discovered by the Syslog / Flow system are continually output to N-Reporter.

Windows domain users: the AD server delivers the login audit records of domain users to N-Reporter.

Provides a variety of user reports: query history events or flows by user (diagnosing correctly even under dynamic IP).

Finds the real problem-making user according to the sorting.

Builds the IP and user name mapping: N-Reporter converts the IP to a user name to solve the tough problem of being unable to trace incidents through IP in a DHCP environment.
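The slide describes resolving an event's source IP to the domain user who held that address at the time, using AD logon records. The added example below (not N-Reporter's code) implements that lookup: it indexes constructed AD logon records per IP in time order and, for each constructed IPS event, picks the most recent logon from that IP at or before the event time. Treating each logon as the start of a new ownership period, with no lease-expiry information, is an assumption of the example; the record formats and sample values are constructed.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime

# Constructed AD logon audit records forwarded to the collector: (time, user, ip).
AD_LOGONS = [
    ("2013-08-16 08:55:00", "CORP\\alice", "10.1.20.15"),
    ("2013-08-16 12:10:00", "CORP\\bob", "10.1.20.15"),   # DHCP lease later handed to another user
    ("2013-08-16 09:02:00", "CORP\\carol", "10.1.20.16"),
]

# Constructed IPS events: (time, source ip, signature).
IPS_EVENTS = [
    ("2013-08-16 09:30:00", "10.1.20.15", "SQL injection attempt"),
    ("2013-08-16 13:45:00", "10.1.20.15", "Port scan"),
    ("2013-08-16 08:00:00", "10.1.20.16", "BitTorrent handshake"),  # before any logon was seen
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def build_mapping(logons):
    """Per IP, a time-sorted list of (logon time, user); each logon opens an ownership period."""
    table = defaultdict(list)
    for ts, user, ip in logons:
        table[ip].append((parse_ts(ts), user))
    for ip in table:
        table[ip].sort()
    return table


def resolve_user(mapping, ip, at):
    """User who most recently logged on from `ip` at or before `at`, or None if unknown."""
    periods = mapping.get(ip, [])
    times = [t for t, _ in periods]
    idx = bisect_right(times, parse_ts(at))
    return periods[idx - 1][1] if idx else None


def attribute_events(events, logons):
    """Attach the responsible user to every event: (time, ip, user_or_None, signature)."""
    mapping = build_mapping(logons)
    return [(ts, ip, resolve_user(mapping, ip, ts), sig) for ts, ip, sig in events]


if __name__ == "__main__":
    for row in attribute_events(IPS_EVENTS, AD_LOGONS):
        print(row)
```

The same address resolves to two different users depending on the event time, and an event with no preceding logon stays unattributed rather than being guessed, which is the behaviour an auditor needs when the report is used as evidence.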

Page 34

Security Reports

Sorts the ranking of daily security events, calculating the traffic usage and the number of triggered immediate trends at the same time.

Calculates security events, flows, triggered immediate trends and flow abnormalities by user name or IP.

Page 35

Security Reports

Graphic charts help to view the audit condition of servers clearly.

Meets the requirements of the compliance report for the Personal Information Protection Act.

Audit of Server / Application

• Records the number of successful logins and logouts, failed logins and logins with incorrect accounts.

Audit of Database

• Oracle • MSSQL Server • MySQL • PostgreSQL

Windows file sharing

• Records the number of file reads, file updates, file deletions and incorrect accesses.

Page 36

Audit Reports of Hosts: quickly locating the source of problems and abnormalities.

Sorting by user IP and user account.

Password guessing within a certain time.

Which account's password was guessed.

Which IP is making problems by failing to log in many times.

Which host received a great quantity of failed logins.

Page 37

Analysis of Abnormal Audit

► Analyzing host audit LOGs, automatically searching out abnormal items

► Analyzing abnormalities that users should take care of: guessing of account names and passwords; a suspicious IP logging in successfully; a changed login IP.
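Pages 36 and 37 list three abnormalities to extract from host audit logs: password guessing, a success from an IP that had been guessing, and a user logging in from a new IP. The added example below (not N-Reporter's code) implements those three checks over constructed sshd-style audit lines. The failure threshold, the table of previously seen login IPs per user and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed host audit log in sshd style.
AUDIT_LOG = [
    "Aug 16 02:10:01 srv02 sshd[901]: Failed password for admin from 198.51.100.7 port 40001",
    "Aug 16 02:10:03 srv02 sshd[902]: Failed password for admin from 198.51.100.7 port 40002",
    "Aug 16 02:10:05 srv02 sshd[903]: Failed password for admin from 198.51.100.7 port 40003",
    "Aug 16 02:10:07 srv02 sshd[904]: Failed password for invalid user oracle from 198.51.100.7 port 40004",
    "Aug 16 02:10:09 srv02 sshd[905]: Failed password for admin from 198.51.100.7 port 40005",
    "Aug 16 02:10:12 srv02 sshd[906]: Accepted password for admin from 198.51.100.7 port 40006",
    "Aug 16 08:30:00 srv02 sshd[950]: Accepted publickey for alice from 10.1.20.15 port 50112",
    "Aug 16 09:15:00 srv02 sshd[960]: Accepted password for alice from 203.0.113.77 port 50200",
]

# Extracts result, user and source IP from an sshd authentication line.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port"
)
FAIL_THRESHOLD = 3                              # constructed: failures that count as guessing
KNOWN_LOGIN_IPS = {"alice": {"10.1.20.15"}}     # constructed: IPs previously seen per user


def parse_auth(lines):
    """Return a dict per matching line with keys result, user, ip."""
    return [m.groupdict() for m in (AUTH_RE.search(line) for line in lines) if m]


def analyse(lines, fail_threshold=FAIL_THRESHOLD, known_ips=KNOWN_LOGIN_IPS):
    """Produce the three abnormality classes from the slide."""
    fails_by_ip_user = defaultdict(int)
    fails_by_ip = defaultdict(int)
    findings = {"guessing": [], "suspicious_success": [], "changed_login_ip": []}
    for ev in parse_auth(lines):
        key = (ev["ip"], ev["user"])
        if ev["result"] == "Failed":
            fails_by_ip_user[key] += 1
            fails_by_ip[ev["ip"]] += 1
            if fails_by_ip_user[key] == fail_threshold:     # report once, when the limit is hit
                findings["guessing"].append(key)
        else:
            if fails_by_ip[ev["ip"]] >= fail_threshold:      # success after a run of failures
                findings["suspicious_success"].append(key)
            seen = known_ips.get(ev["user"])
            if seen is not None and ev["ip"] not in seen:    # user appears from a new address
                findings["changed_login_ip"].append((ev["user"], ev["ip"]))
    return findings


if __name__ == "__main__":
    for kind, items in analyse(AUDIT_LOG).items():
        print(kind, items)
```

Counting failures per (IP, account) answers “which account's password was guessed”, while the per-IP counter feeds the “suspicious IP logged in successfully” check; in a real deployment the known-IP table would be built from the AD mapping described on page 33 rather than hard-coded.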

Page 38

Cloud Solution

N-Reporter Cloud Solution: Hierarchical Management

High Availability Structure

Big Data Collection

Page 39

N-Reporter Cloud Solution

Hierarchical Decentralized Management: departments in the corporation see only the information of their own department, just like having an independent N-Reporter.

Operators and administrators can check the information of the whole corporation.

High Flexibility of Structure: applies to centralized and distributed construction.

Construct N-Center and N-Receiver as required in every regional branch.

Headquarters can check the information of all branches.

Supporting High Availability (HA) Structure: N-Center / N-Receiver support a backup function for uninterrupted service.

Big Data Environment: supports up to 300 thousand EPS.

High Flexibility of Expansion: flexible expansion of N-Cloud for future data collection and an increase of users.

Page 40

N-Reporter Cloud Solution

[Diagram labels: Internet, N-Cloud, Router, Network Device, Security Product; Syslog / Flow / Traffic collected from the County Network Center, Central office, North office and South office]

TIP: Block malicious traffic at the IPS in front of the Firewall or Internet Gateway.

Page 41

We Offer You More Than Just LOG Management!!

Page 42

Integrating all kinds of LOGs to help corporate forensic collection

Centralized management of LOGs to meet audit requirements. Fetch complete history records with high-speed searching. Guarantee of data integrity. The best tool for corporations to conform to the Personal Information Protection Act.

Page 43

Provide analysis with plentiful reports

Top N reports list the most frequent security incidents in your network. Time-based reports provide a continuous monitoring plan for network security 24 hours a day. Trend reports automatically analyze the trends most being watched. Daily / weekly / monthly / quarterly / annual reports are produced for policy making.

Full protection with instant monitoring!!!

Page 44

Cross analysis with security flows

Find network conditions live with the Flow Module. Analyze host abnormalities with the Server Module. Quickly remove internet errors with the Action Module.

Pages 45 to 47

Successful Cases

Page 48

Thank You