Overall Security Monitoring Solution

Nowadays, the network security situation has become very complicated. Nations not only treat cybersecurity as an effective defensive capability, but also use it as a weapon of political struggle. Most cyber attacks today are directed at the network systems of organizations; in particular, there have been many attacks on websites, databases and server systems that cause not only reputational damage, but also permanent leakage of information to attackers. The organizations and enterprises attacked are usually large ones holding a great deal of important and valuable information, so each attack often causes heavy damage.

In order to avoid losses caused by cyber attacks, it is important to monitor the security of information systems and to respond quickly. However, many agencies and units still face limitations in monitoring, detecting and preventing attacks, such as the following:

  • There is no centralized, homogeneous monitoring system that automatically analyzes, detects, and sends alerts via email and SMS when the system is attacked or a website is defaced.
  • There is no tool to help analyze logs and investigate the problem when the system is compromised.
  • Monitoring systems do not hold enough information, so the root cause cannot be found.
  • There are no intuitive interfaces for data representation and anomaly detection.
  • Only a few important systems can be monitored, and monitoring does not scale well as the number and size of systems grow.

In order to solve this urgent problem, VNCS Global has researched and developed the Overall Security Monitoring solution. Building on its experience in developing solutions, VNCS Web Monitoring has been recognized by domestic scientific awards such as Sao Khue and the Vietnamese Talent Awards 2014. VNCS Web Monitoring is also the only solution from Vietnam to win the ICT ASEAN 2014 award presented by the ASEAN IT Ministers Council.

Overall Security Monitoring covers the most comprehensive range of information security events occurring on the system. The solution supports automatic analysis and finds the cause, helping administrators prepare a quick response plan, reduce the time needed to recognize a problem and shorten the total troubleshooting time.

Overall Security Monitoring runs on the Splunk Enterprise big data platform and collects and processes data using Splunk’s big data technologies. It is built on VNCS’s own algorithms, which are fully customizable according to business requirements.

SOLUTION OVERVIEW

  • Dashboard for overall monitoring of security and safety
  • User behavior analysis
  • Monitoring and investigation of security attacks
  • Database monitoring
  • Incident alerting
  • Abnormal behavior monitoring
  • Malware detection
  • Network infrastructure monitoring

FEATURES

  • Ability to collect logs from many different machine data sources such as servers, applications and network devices, including log data, transaction data, call logs and data from mobile phones…
  • Real-time alerts via Email, Script, RSS, SNMP and Telegram
  • Detailed monitoring of the performance and security status of event servers and equipment
  • Warnings when monitored systems are attacked
  • Statistics on virus / bot / malware infected machines in the system
  • Statistics on repeated failed logins due to wrong username / password
  • Detection of PowerShell usage that invokes an authentication (credential) prompt
  • Detection of suspicious process creation, such as vssadmin.exe, certutil.exe, …
  • Database monitoring that shows the 20 lines of content most closely related to the faulty keyword
  • Warnings on abnormal increases in user computer network bandwidth
  • Support for monitoring all devices and for log analysis when a problem occurs
  • An overall real-time statistical view of the security situation and the events occurring across the entire monitored system
  • Aggregation and display of alarm information from security devices related to an event
  • Detection of multiple logon failures with the Administrators account
  • Detection of logins from one source to multiple destinations (successful and unsuccessful)
  • Privilege escalation detection (Windows, Linux)
  • Detection of account creation, modification and deletion (local and domain), including create, delete, disable / enable, lock / unlock, modify …
  • Detection of changes to firewall rules (local firewall, hardware firewall, iptables …)
  • Statistics on the total number of connections to switches and routers, detailing when each user accessed them
  • Detection of cloning or renaming of Windows system programs (cmd.exe, powershell.exe …)
  • Detection of known keywords associated with PowerShell exploits
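Three of the detections in the feature list (repeated Administrator logon failures, one source logging on to many destinations, and creation of watchlisted processes such as vssadmin.exe and certutil.exe) are shown below as plain detection logic run over a handful of sample log lines. This is an added illustration, not code from VNCS Global or from the product: in the product these would be Splunk searches over collected events. The `key=value` log format, the field names (`event`, `outcome`, `user`, `src`, `dst`, `host`, `parent`, `image`), the thresholds and the log lines themselves are all constructed for this example.

```python
"""Detection logic over constructed log lines: Administrator brute force,
logon fan-out from one source, and watchlisted process creation.
The log format (ISO timestamp followed by key=value pairs) is an assumption
made for this example; it is not the product's format."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z event=logon outcome=failure user=Administrator src=10.0.0.5 dst=srv-01
2024-05-01T10:00:09Z event=logon outcome=failure user=Administrator src=10.0.0.5 dst=srv-01
2024-05-01T10:00:20Z event=logon outcome=failure user=Administrator src=10.0.0.5 dst=srv-01
2024-05-01T10:00:31Z event=logon outcome=failure user=Administrator src=10.0.0.5 dst=srv-01
2024-05-01T10:00:45Z event=logon outcome=failure user=Administrator src=10.0.0.5 dst=srv-01
2024-05-01T10:01:02Z event=logon outcome=success user=Administrator src=10.0.0.5 dst=srv-01
2024-05-01T10:01:10Z event=logon outcome=success user=alice src=10.0.0.8 dst=srv-02
2024-05-01T10:03:00Z event=logon outcome=failure user=svc_backup src=10.0.0.9 dst=srv-01
2024-05-01T10:03:05Z event=logon outcome=success user=svc_backup src=10.0.0.9 dst=srv-02
2024-05-01T10:03:09Z event=logon outcome=failure user=svc_backup src=10.0.0.9 dst=srv-03
2024-05-01T10:03:14Z event=logon outcome=success user=svc_backup src=10.0.0.9 dst=srv-04
2024-05-01T10:05:00Z event=process host=ws-07 user=alice parent=cmd.exe image=certutil.exe
2024-05-01T10:05:30Z event=process host=ws-07 user=alice parent=explorer.exe image=notepad.exe
2024-05-01T10:06:00Z event=process host=srv-01 user=Administrator parent=powershell.exe image=vssadmin.exe
"""

# Process names the page lists as suspicious when created unexpectedly.
SUSPICIOUS_IMAGES = {"vssadmin.exe", "certutil.exe"}


def parse_line(line):
    """Turn one log line into a dict; the timestamp becomes a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def parse_logs(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def admin_logon_failures(events, threshold=5, window=timedelta(minutes=5)):
    """Sources with at least `threshold` failed Administrator logons inside a
    sliding time window. Returns {src: largest count seen in any window}."""
    by_src = defaultdict(list)
    for e in events:
        if (e.get("event") == "logon" and e.get("outcome") == "failure"
                and e.get("user") == "Administrator"):
            by_src[e["src"]].append(e["ts"])
    hits = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[src] = max(hits.get(src, 0), count)
    return hits


def logon_fan_out(events, min_destinations=3):
    """Sources that logged on (successfully or not) to at least
    `min_destinations` distinct hosts, i.e. one source -> many destinations."""
    dests = defaultdict(set)
    for e in events:
        if e.get("event") == "logon":
            dests[e["src"]].add(e["dst"])
    return {src: sorted(d) for src, d in dests.items() if len(d) >= min_destinations}


def suspicious_process_creations(events, watchlist=SUSPICIOUS_IMAGES):
    """Process-creation events whose image name is on the watchlist."""
    return [(e["host"], e["user"], e["parent"], e["image"])
            for e in events
            if e.get("event") == "process" and e.get("image", "").lower() in watchlist]


def run_detections(text=SAMPLE_LOGS):
    """Run all three detections over the given log text and return their findings."""
    events = parse_logs(text)
    return {
        "admin_brute_force": admin_logon_failures(events),
        "fan_out": logon_fan_out(events),
        "suspicious_processes": suspicious_process_creations(events),
    }


if __name__ == "__main__":
    for name, result in run_detections().items():
        print(f"[{name}] {result}")
```

On the sample data the brute-force rule fires for 10.0.0.5 (five failures in under a minute), the fan-out rule fires for 10.0.0.9 (four distinct destinations, mixing successful and failed logons), and two process creations are flagged (certutil.exe under cmd.exe and vssadmin.exe under powershell.exe). The thresholds and window are the tuning knobs an operator would adjust per environment; the sliding window avoids the blind spot of fixed time buckets, where five failures split across a bucket boundary would never be counted together.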

The Overall Security Monitoring solution is built on an open architecture, so it can easily be extended with specific features, and further features can be developed on this platform after deployment. Overall Security Monitoring is a powerful support tool that lets system administrators understand how the center’s systems are behaving. It not only minimizes the time and effort required of administrators, but also helps to promptly detect attacks on websites through email (or SMS) alerts. The solution provides continuous monitoring and fully automatic analysis, detecting signs of an attack on the system in time.