Lucida SecurEdge™

Network Visibility

 

Intrusion Detection - SecurEdge detects and identifies rogue systems, evasive or stealth activity, protocol anomalies and potential attacks. Alarm alerts are generated as intrusions occur and provide intrusion data analysis on alarm level, frequency of attempts, type of intrusion, related protocol, IP address(es) involved, port number(s), etc., so that the source and destinations can be clearly identified.

 

Top Traffic Generators - SecurEdge detects and identifies the Top-N Talkers, Top-N Conversationalists and Top-N Applications that generate the most bandwidth usage and, in many cases, waste network and asset resources.

 

Application Usage & Statistics - SecurEdge provides de-facto traffic flow statistics by examining the raw packet data. This provides in-depth traffic analysis capability for performance monitoring and usage trends over specific timeframes, which can be correlated to network intrusion detection states.

 

Usage Policy Violation - Ever-increasing online asset value and government scrutiny dictate the increasing need for enterprise usage policy management. Violations such as unnecessary or illegal access to or from outside sites increase the liability on businesses. SecurEdge provides you with a very effective and flexible means of identifying usage policy violations.

 

SecurEdge uses a combination of NetFlow and the Snort engine deployed in sensors to detect, alert on and pinpoint policy violations.

 

When installed in an enterprise network, SecurEdge monitors total network usage and provides the security manager with clear reports of internal and external usage and threats.

 

Intrusion Alarm - Traffic Correlation - SecurEdge uses the well-proven Snort engine to detect and pinpoint intrusions to your network. Through the management console, it correlates these events to NetFlow data flows from the network so that you can determine their true impact on your business.

 

The drill-down ability for intrusion alarms uncovers detailed intrusion parameters such as type of intrusion, related protocol, IP address(es) involved, port number(s), frequency and attempts, etc., so that the source and destinations are clearly identified and everything is known about the intrusion. This can then be correlated to the NetFlow flow data.

 

When intrusions are correlated to flows from specific hosts, you will be able to identify and assess the impact of the intrusion on hosts and subnets, enabling you to quantify the impact of intrusions on your business and make decisions based upon the results, reports and data.

 

Internal Security Breach - SecurEdge identifies internal security breaches by monitoring incoming and outgoing IP traffic within subnets, using a combination of NetFlow collection and flow analysis, and Snort engines deployed in sensors, to detect, alert on and analyze internal security breaches.

 

When SecurEdge is installed in an enterprise network, you can identify and pinpoint internal security breaches based upon Snort alerts and alarm analysis, detailed top traffic generator data for individual subnets, and detailed host traffic analysis and statistics provided by NetFlow flows.

 

How do we do it?

 

Lucida enables visibility through passive monitoring tools and a powerful management system that allows you to monitor your network and information assets with 3 different monitoring tools (Snort, nProbe and nTOP) embedded within distributed sensors. These tools complement each other in providing you with all you need to know about your network and information assets.

 

The SecurEdge System with its Management Console centrally manages such sensors to provide you visibility that scales to networks of varied sizes and complexity. The sensors can be placed anywhere potential threats are thought to exist: at the perimeter, internally, and on connections to remote offices, partners, and vendors.

 

The sensors are remotely upgradeable, rules can be remotely tuned, and new vulnerability and threat rules are updated, ensuring that you have the latest definitions of these threats and vulnerabilities and visibility of your entire network and information data.