Archive: August 2011

Think your IT is secure? Think again. 90% of organizations’ computers have been breached at least once by hackers over the past 12 months according to a survey conducted by Ponemon Research on behalf of Juniper Networks.
 
A common misconception is that antivirus software catches most of the viruses out there. Some suggest that antivirus software catches only 60% of current viruses, which leaves 40% of brand-new viruses that the software isn't even looking for. So when you're monitoring the network, what should you look for that may indicate a security issue impacting network performance?
 
The key to detecting security issues that may impact the network is monitoring essential analytics and auditing your systems. It’s also critical to establish a baseline of your network's performance so you can distinguish normal from abnormal activity. After establishing a baseline, here are four network areas to monitor so you can work with your security team to reduce security issues impacting network operations. Look for:
 
1. Odd protocols on known network segments
Example: You detect inbound web traffic going towards the finance department, or another network that wouldn’t serve traffic. 

Action: Set alerts on segments of the network that wouldn’t normally serve HTTP, SMTP or other protocols that are acceptable elsewhere but odd for that segment.
 
2. Inter-host communications that are larger than normal or between hosts that should not be communicating
Example: A person’s desktop in human resources is constantly communicating with the engineering file server. This is unusual and could be worth looking into further.

Action: Identify the “Top Talkers” on your network and sort those metrics by the biggest consumers of bandwidth. Look for communication between hosts that wouldn’t normally occur.
 
3. Spikes in utilization from devices that normally don’t serve traffic
Example: A development or test server that is constantly spiking utilization at 1am EST (which is about 4pm in China) may be a sign of compromise and data extrusion.

Action: Create alerts when bandwidth or resource utilization reaches defined thresholds on specific devices so you can perform additional analysis.
 
4. Crawling of traffic on your systems
Example: A person’s desktop in the marketing department shows thousands of HTTP GETs per hour on the network.

Action: Deploy a honeypot server or create a hidden page within your web directory structure and monitor your logs for any GETs to the hidden page. If that page shows up in the logs, then alert the security team that there may be a malicious web crawler on the network.
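
The following Python sketch is an added example, not part of the original post or of any Kratos product. It applies checks 1, 2 and 4 to constructed flow records and web log lines; the segment subnets, allowed ports, allowed segment pairs and the hidden page path are all assumptions standing in for your own baseline.

```python
import ipaddress
import re
from collections import Counter

# Constructed baseline (assumption): segment -> (subnet, service ports it normally serves).
SEGMENTS = {
    "finance": (ipaddress.ip_network("10.10.1.0/24"), set()),
    "hr": (ipaddress.ip_network("10.10.2.0/24"), set()),
    "engineering": (ipaddress.ip_network("10.10.3.0/24"), {445}),
    "dmz": (ipaddress.ip_network("10.10.9.0/24"), {25, 80, 443}),
}
# (client segment, server segment) pairs that normally communicate (assumption).
ALLOWED_PAIRS = {("finance", "dmz"), ("hr", "dmz"), ("engineering", "dmz")}
CANARY_PATH = "/archive/q3-forecast.html"  # hypothetical hidden page, linked nowhere
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3}')  # Common Log Format

def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((n for n, (net, _) in SEGMENTS.items() if addr in net), "external")

def analyze_flows(flows):
    alerts, talkers = [], Counter()
    for src, dst, port, nbytes in flows:
        s, d = segment_of(src), segment_of(dst)
        talkers[(src, dst)] += nbytes
        # Check 1: a protocol the destination segment does not normally serve.
        if d != "external" and port not in SEGMENTS[d][1]:
            alerts.append(("odd-protocol", src, dst, port))
        # Check 2: internal hosts in segments that should not be talking.
        if "external" not in (s, d) and s != d and (s, d) not in ALLOWED_PAIRS:
            alerts.append(("odd-pair", src, dst, port))
    return alerts, talkers.most_common(2)  # alerts plus the top talkers by bytes

def canary_hits(log_lines):
    """Check 4: clients that issued a GET for the hidden page."""
    matches = (LOG_RE.match(line) for line in log_lines)
    return [m.group(1) for m in matches
            if m and m.group(2) == "GET" and m.group(3).split("?")[0] == CANARY_PATH]

# Constructed sample data; each flow is (client_ip, server_ip, server_port, bytes).
FLOWS = [
    ("203.0.113.7", "10.10.1.20", 80, 4_200),     # web traffic into finance
    ("10.10.2.15", "10.10.3.5", 445, 9_800_000),  # HR desktop -> engineering file server
    ("10.10.2.15", "10.10.9.10", 443, 120_000),   # HR desktop -> DMZ web server (normal)
]
LOGS = [
    '10.10.2.15 - - [12/Aug/2011:01:02:03 -0400] "GET /index.html HTTP/1.1" 200 512',
    '10.10.2.15 - - [12/Aug/2011:01:02:04 -0400] "GET /archive/q3-forecast.html HTTP/1.1" 200 90',
]
```

The flow records are assumed to be oriented client to server, as a flow collector typically reports them; return traffic to ephemeral client ports would need to be filtered out before the port check.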
 
These four steps can help you identify potential security issues when you're monitoring the network and enable you to work collaboratively with your security team to avoid security breaches. Can your current tools help you monitor the network and security operations in a single view to better troubleshoot issues impacting performance? If not, consider our NeuralStar solution that aggregates all network event data – security, availability, performance and more from any network connected port, device, service or application – all on a single console.

Here is a screenshot of NeuralStar with integrated security metrics.


LandWarNet – A Big Hit and Full of Surprises


Kratos just exhibited at LandWarNet, the Army’s premier IT and networks event. Over 9,000 attendees, including senior Department of Defense and Army military and civilian leadership and commercial representatives, gathered at the event.
 
The event was a great opportunity to familiarize attendees with our IT management solutions that help deliver network situational awareness from the GIG to tactical networks for customers like DISA, MDA and others. There was a lot of interest in our solutions including the recently acquired Newpoint products that were on display showing their SATCOM management capabilities. In addition, our complimentary Network Traffic Monitor was a big hit at the event. Download the free tool and many others at our website.
 
Finally, the big surprise of the event was that LandWarNet is splitting up into three regionally dispersed smaller events next year. Renamed TechNet Land Forces, the first event will take place in Tucson in March and focus on security and network operations. The second will be located in Tampa in July and concentrate on joint and coalition issues. The third will occur in Baltimore in August and focus on cyber.  What do you think about the new LandWarNet?


Kratos recently completed the acquisition of Integral Systems, a leading provider of commercial-based products, solutions and services to the satellite, aerospace and critical infrastructure industries. With the acquisition comes the addition of products from Newpoint Technologies for managing communications infrastructure - including satellite, terrestrial, internet, and broadcast.
 
The Newpoint products include the award-winning COMPASS™ network management system as well as the Mercury suite of appliances for managing remote sites and portable terminals.
 
COMPASS
COMPASS is a complete software package for managing all types of networks and provides operators with a clear and visual overview of the network. Its built-in flexibility enables management of small sites or very large networks to meet the requirements of diverse applications from satellite to terrestrial networks. COMPASS has an extensive library of drivers to many devices that require Ethernet, serial or contact closure interfaces, and also supports interfaces into SNMP enabled equipment.
 
Mercury
Mercury G3 Remote Site Manager is a next-generation, cost-effective remote site manager for manned and unmanned remote sites. It provides complete visibility into site status by interfacing with all site equipment, reducing or eliminating costly unscheduled visits caused by equipment failures or communications problems. Mercury G3 reduces site downtime and the costly dispatch of technicians to remote facilities, cutting costs and maximizing the revenue potential of the network.
 
 
The products expand the existing Kratos Networks offerings and complement the NeuralStar and dopplerVUE products to enhance management from terrestrial to satellite networks. Want more information about the Newpoint products? Please contact us by emailing info@kratosnetworks.com or calling 1-888-388-3669.

