AXS GUARD 8.3.3 - Reporting


Reporting features as of version 8.3.3.


Data Breach Detection and Prevention

06-07-2018 © AXS GUARD - Able NV

Identifying Suspicious Network Activity and Data Access with AXS GUARD version 8.3.3

Network and data protection measures, such as a firewall, an anti-virus engine or an Intrusion Prevention System, are no longer sufficient in a GDPR world; organizations need to know what data they are collecting and how it is being used. With version 8.3.3, AXS GUARD introduces a new threat reporting feature, which allows organizations to get actionable insights from the raw data in various log files. Adequate reporting tools have been implemented to help system administrators monitor various types of network and system activity. Reports can be generated for specific periods. The aim is to quickly identify suspicious user or network behavior, allowing organizations to take adequate measures to prevent data breaches. Suspicious behavior can be further substantiated by the appliance's extensive logging capabilities.

In this document we give you an overview of the various report types available in AXS GUARD, as of version 8.3.3:

● Authentication and Authorization
● Change Management
● System Resource Access
● Malware Detection
● Mail Traffic Reports
● Web Access Reports
● Firewall Connection Tracking
● Application Control
● Bandwidth Management

1. Authentication and Authorization

Authentication is the main barrier and means of controlling access to today's systems. From simple passwords to tokens and cryptographic mechanisms, reviewing authentication activity across the organization is one of the key security activities. The various authentication and authorization reports are an easy way to detect suspicious login activity and allow system administrators to intervene almost immediately by blocking the IP address or username associated with an attack. The following authentication reports are available:

● User login activity: an easy way to detect suspicious login activity.
● Login attempts of disabled and non-existing accounts: covers attempted access to accounts that should not be accessed or which do not exist on the system.
● Remote logins: allows you to track VPN login activity.
● Password-guessing attacks: provides information about users who are possibly trying to log in to the account of another user by attempting to guess the password. This report also allows you to detect brute-force attacks.

2. Change Management

The change management reports highlight changes made to the AXS GUARD configuration and can be used to audit system administration and monitor privileged user activity, such as updating user account information and credentials or changing the firewall configuration. Unauthorized changes to information systems can lead to costly crashes, loss of data and security incidents. Furthermore, attackers will often try to modify or compromise your systems to guarantee future access. The careful tracking of configuration changes will also improve your overall IT operation and security. The following change management reports are available:

● Configuration changes: all system configuration changes made via the web-based administration tool.
● Password changes: all password changes made via the web-based administration tool, including password changes made by regular users.
● Firewall changes: changes made to the firewall configuration, e.g. changes to firewall rules, policies and the advanced firewall configuration.

3. System Resource Access

These reports identify various system and application resource access patterns and can be used for auditing, incident detection or prevention. Tracking resource access can reveal potential insider abuse or even fraud. It is a valuable tool for determining which resources an attacker has been trying to access, and which may have been corrupted or modified. In addition, resource access reports can be used for other purposes, e.g. capacity planning. The following resource access reports are available:

● Users blocked from accessing prohibited sites: shows host machines which have been trying to access blocked websites.
● Top senders of mail to external recipients: allows system administrators to identify suspicious e-mail activity based on mail traffic volumes per user. Large volumes could be an indication of potential data leaks or the disclosure of confidential information.

4. Malware Detection

Malicious software in its various forms remains one of the key threat vectors for today's organizations, large and small. A good report can make the difference between real-time attack prevention and reacting after the fact. It only takes a moment to generate a report, analyze the situation and isolate potentially infected hosts. By providing a real-time status, the malware detection reports help you to detect known threats and, more importantly, prevent attacks and potential data breaches. The following malware detection reports are available:

● Virus detections: provides an overview of viruses and malware detected by the AXS GUARD proxy and mail server.
● Internal connections to known malware IP addresses: shows attempted connections to blocked IP addresses. This may be an indication of an infected client or a deliberate insider threat.

5. Mail Traffic Reports

Various MTA reports were already available in previous versions, but have been reworked:

● Received messages: shows the number of messages that have been received from senders on the Internet and in local networks. Messages can be filtered by sender or recipient.
● Delivered messages: shows the number of messages that have been delivered to Internet and local recipients. Messages can be filtered by sender or recipient.
● Rejected messages: shows messages which have been rejected for security reasons.

6. Web Access Reports

Various web access reports were already available in previous versions, but have been reworked:

● Client requests: shows all proxy access requests per client.
● Hourly requests: shows all proxy requests per hour.
● Most accessed websites: provides an overview of frequently accessed websites.
● Blocked websites: shows all access attempts to prohibited websites for a selected period.
● Blocked site lists: shows all blocked sites and the access control policy which was enforced.

7. Firewall Connection Tracking

The "network flow viewer" provides a lot of useful information about your network and allows you to track active connections. Administrators can use filters to extract information based on:

● Protocol
● Source IP and port number
● Destination IP and port number
● Used network device
● Application (layer 7)

8. Application Control

The application control engine monitors the application layer of the network, a.k.a. layer 7 in the OSI model. Application control is also known as Deep Packet Inspection (DPI), a form of computer network packet filtering that examines the data part of a packet as it passes through AXS GUARD, searching for defined criteria, such as protocols or websites, to decide whether traffic may pass or needs to be blocked. The following application control reports are available:

● Through traffic reports: cover traffic originating from hosts in the LAN and forwarded by the AXS GUARD appliance to another network.
● Towards traffic reports: cover traffic destined for a service running on the AXS GUARD appliance, such as the SMTP server.
● From traffic reports: cover traffic originating from the AXS GUARD appliance, i.e. traffic generated by a process running on it.

9. Bandwidth Management

The bandwidth management graph allows system administrators to detect unusual traffic peaks and adjust the bandwidth management configuration where needed. Traffic peaks may be an indication of infected hosts, network abuse or potential illegal activities. The information in the report can also be used for capacity planning. The bandwidth management status report provides information about:

● Times when bandwidth definitions are (re)configured.
● A view of active traffic (sub)classes, including the configured guaranteed and maximum bandwidth for each class.
● The amount of transmitted bytes per (sub)class.
● A graph, showing outgoing traffic averages per (sub)class and the total average over an 8-hour period.
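The "Password-guessing attacks" report in section 1 distinguishes two patterns: a source hammering one account (brute force) and a source, often one that already holds a valid login, trying several other users' accounts. The following Python script is an added example of that detection logic run over a few constructed log lines; it is not AXS GUARD code, and the log line format, the field names (user=, src=) and the thresholds (5 failures or 3 distinct usernames within 5 minutes) are assumptions made for the example.

```python
"""Flag password-guessing and brute-force patterns in authentication log lines.

Added example; the log format and the thresholds below are assumptions, not
the AXS GUARD log format or report logic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real appliance output).
SAMPLE_LOG = """\
2018-07-06 09:58:01 auth: SUCCESS user=alice src=10.0.0.5
2018-07-06 10:01:10 auth: FAILED user=bob src=10.0.0.5
2018-07-06 10:01:14 auth: FAILED user=bob src=10.0.0.5
2018-07-06 10:01:19 auth: FAILED user=carol src=10.0.0.5
2018-07-06 10:01:25 auth: FAILED user=dave src=10.0.0.5
2018-07-06 10:01:31 auth: FAILED user=erin src=10.0.0.5
2018-07-06 10:30:00 auth: FAILED user=bob src=192.0.2.10
2018-07-06 10:30:01 auth: FAILED user=bob src=192.0.2.10
2018-07-06 10:30:02 auth: FAILED user=bob src=192.0.2.10
2018-07-06 10:30:03 auth: FAILED user=bob src=192.0.2.10
2018-07-06 10:30:04 auth: FAILED user=bob src=192.0.2.10
2018-07-06 10:30:05 auth: FAILED user=bob src=192.0.2.10
2018-07-06 11:00:00 auth: FAILED user=frank src=10.0.0.7
2018-07-06 11:05:00 auth: SUCCESS user=frank src=10.0.0.7
"""

LINE_RE = re.compile(r"^(\S+ \S+) auth: (SUCCESS|FAILED) user=(\S+) src=(\S+)$")


def parse(log_text):
    """Return a list of (timestamp, result, user, src) tuples; unparsable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def find_password_guessing(events, window=timedelta(minutes=5), max_failures=5, max_users=3):
    """Map each suspicious source IP to a finding.

    brute-force:       >= max_failures failed logins for ONE account inside the window
    password-guessing: failed logins for >= max_users DIFFERENT accounts inside the window
    known_users lists accounts the same source logged into successfully, which helps
    attribute guessing against other users' accounts to a real user.
    """
    failures = defaultdict(list)
    successes = defaultdict(set)
    for ts, result, user, src in events:
        if result == "FAILED":
            failures[src].append((ts, user))
        else:
            successes[src].add(user)

    findings = {}
    for src, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until all failures fit inside it.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            users = sorted({u for _, u in in_window})
            if len(in_window) >= max_failures and len(users) == 1:
                kind = "brute-force"
            elif len(users) >= max_users:
                kind = "password-guessing"
            else:
                continue
            candidate = {"kind": kind, "users": users, "failures": len(in_window),
                         "known_users": sorted(successes.get(src, ()))}
            prev = findings.get(src)
            if prev is None or candidate["failures"] > prev["failures"]:
                findings[src] = candidate
    return findings


if __name__ == "__main__":
    for src, finding in sorted(find_password_guessing(parse(SAMPLE_LOG)).items()):
        print(src, finding)
```

In the constructed data, 10.0.0.5 logs in as alice and then fails against four other accounts within half a minute, so it is reported as password guessing attributable to alice; 192.0.2.10 fails six times against bob and is reported as brute force; the single failure from 10.0.0.7 followed by a success is ignored. Thresholds are the usual tuning knobs: lower them and lockout tooling fires on typos, raise them and slow, spread-out guessing slips through the window.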


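The "Internal connections to known malware IP addresses" report in section 4 is, at its core, a join between connection records and a blocklist, restricted to sources inside the LAN. The Python script below is an added example of that matching, not AXS GUARD code: the flow line format, the blocklist entries (documentation-range addresses, including one CIDR block to show range matching), and the internal network definitions are all constructed for the example.

```python
"""Match connection log lines against a malware IP blocklist, keeping only LAN sources.

Added example with an assumed flow format; the blocklist and LAN ranges are
constructed (RFC 5737 documentation addresses), not a real feed.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed blocklist: single hosts and CIDR ranges are both accepted.
MALWARE_IPS = ["198.51.100.23", "203.0.113.0/24"]

# Which ranges count as "internal"; defined explicitly rather than via
# ip_address(...).is_private, which also treats the documentation ranges as private.
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed flow records (not real appliance output).
SAMPLE_FLOWS = """\
2018-07-06 12:00:01 flow src=10.0.0.5:51234 dst=198.51.100.23:443 proto=tcp action=blocked
2018-07-06 12:00:05 flow src=10.0.0.5:51240 dst=192.0.2.80:443 proto=tcp action=allowed
2018-07-06 12:01:10 flow src=10.0.0.9:40001 dst=203.0.113.77:8080 proto=tcp action=blocked
2018-07-06 12:01:15 flow src=10.0.0.9:40002 dst=203.0.113.78:8080 proto=tcp action=blocked
2018-07-06 12:02:00 flow src=203.0.113.200:4444 dst=198.51.100.23:80 proto=tcp action=blocked
"""

FLOW_RE = re.compile(r"src=(\S+):\d+ dst=(\S+):\d+")


def compile_networks(entries):
    """Turn blocklist/LAN strings into ip_network objects; a bare host becomes a /32."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def match_entry(addr, networks):
    """Return the network that contains addr, or None."""
    for net in networks:
        if addr in net:
            return net
    return None


def internal_connections_to_malware_ips(log_text, blocklist=MALWARE_IPS, internal=INTERNAL_NETS):
    """Per internal source IP: attempt count, distinct destinations and matched list entries."""
    bad_nets = compile_networks(blocklist)
    lan_nets = compile_networks(internal)
    report = defaultdict(lambda: {"attempts": 0, "destinations": set(), "matched": set()})
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(2))
        if match_entry(src, lan_nets) is None:
            continue  # only internal hosts are of interest for this report
        hit = match_entry(dst, bad_nets)
        if hit is None:
            continue
        entry = report[str(src)]
        entry["attempts"] += 1
        entry["destinations"].add(str(dst))
        entry["matched"].add(str(hit))
    # Sorted lists make the output stable for reporting and testing.
    return {src: {"attempts": v["attempts"],
                  "destinations": sorted(v["destinations"]),
                  "matched": sorted(v["matched"])}
            for src, v in report.items()}


if __name__ == "__main__":
    for src, detail in sorted(internal_connections_to_malware_ips(SAMPLE_FLOWS).items()):
        print(src, detail)
```

Matching on `ip_network` objects rather than string equality is what lets a single /24 entry catch both 203.0.113.77 and 203.0.113.78; the external source on the last line hits a listed address but is dropped because it is not in a LAN range, which is the distinction the report's "internal" wording makes. Repeated attempts from one host, as for 10.0.0.9 here, are what separate an infected or misbehaving client from a one-off click.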

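Section 9 describes the bandwidth management report as per-(sub)class byte counters, an outgoing traffic average over an 8-hour period, and a graph on which administrators spot unusual peaks. The Python script below is an added example, not AXS GUARD code, of turning such counters into those three outputs: totals per class, the period average in kbit/s, and a robust peak detector (median plus a multiple of the median absolute deviation, so a single large spike does not inflate its own baseline). The sample counters, the 5-minute interval and the peak factor are constructed assumptions.

```python
"""Totals, period average and peak detection per bandwidth (sub)class.

Added example; the counters and the sampling interval are constructed, and the
peak rule (median + K * MAD, with a 5% floor on the spread) is an assumption.
"""
from collections import defaultdict
from statistics import median

INTERVAL_SECONDS = 300  # assumed: one counter sample per 5 minutes

# Constructed samples: (timestamp, class name, bytes transmitted during the interval).
SAMPLES = [
    ("2018-07-06 08:00", "lan-out", 120_000_000),
    ("2018-07-06 08:05", "lan-out", 130_000_000),
    ("2018-07-06 08:10", "lan-out", 125_000_000),
    ("2018-07-06 08:15", "lan-out", 118_000_000),
    ("2018-07-06 08:20", "lan-out", 122_000_000),
    ("2018-07-06 08:25", "lan-out", 900_000_000),   # the unusual peak
    ("2018-07-06 08:30", "lan-out", 127_000_000),
    ("2018-07-06 08:35", "lan-out", 121_000_000),
    ("2018-07-06 08:00", "voip", 4_000_000),
    ("2018-07-06 08:05", "voip", 4_200_000),
    ("2018-07-06 08:10", "voip", 3_900_000),
    ("2018-07-06 08:15", "voip", 4_100_000),
    ("2018-07-06 08:20", "voip", 4_000_000),
    ("2018-07-06 08:25", "voip", 4_100_000),
    ("2018-07-06 08:30", "voip", 4_000_000),
    ("2018-07-06 08:35", "voip", 3_800_000),
]


def bytes_to_kbps(nbytes, seconds):
    """Average rate in kbit/s for nbytes transferred over seconds."""
    return nbytes * 8 / seconds / 1000


def by_class(samples):
    """Group samples into {class: [(timestamp, bytes), ...]} preserving order."""
    groups = defaultdict(list)
    for ts, cls, nbytes in samples:
        groups[cls].append((ts, nbytes))
    return groups


def find_peaks(values, k=5.0, min_samples=3):
    """Return indexes of values above median + k * spread.

    spread is the median absolute deviation, floored at 5% of the median so a
    perfectly flat series does not flag every tiny wobble.
    """
    if len(values) < min_samples:
        return []
    med = median(values)
    mad = median(abs(v - med) for v in values)
    spread = max(mad, 0.05 * med)
    threshold = med + k * spread
    return [i for i, v in enumerate(values) if v > threshold]


def bandwidth_report(samples, interval_seconds=INTERVAL_SECONDS, k=5.0):
    """Per class: total bytes, average kbit/s over the sampled period, and peak samples."""
    report = {}
    for cls, rows in by_class(samples).items():
        values = [b for _, b in rows]
        total = sum(values)
        period = len(values) * interval_seconds
        peaks = [(rows[i][0], rows[i][1]) for i in find_peaks(values, k=k)]
        report[cls] = {"total_bytes": total,
                       "avg_kbps": bytes_to_kbps(total, period),
                       "peaks": peaks}
    return report


if __name__ == "__main__":
    for cls, detail in sorted(bandwidth_report(SAMPLES).items()):
        print(cls, detail)
```

The lan-out spike is roughly seven times its neighbours and is the only sample flagged; the voip class, whose samples stay within a few percent of each other, produces no peaks. A period average alone would hide the spike (it lifts lan-out's average only modestly), which is why the report pairs the average with the per-interval graph.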
