Network Security Auditing & Monitoring
Security Traffic Auditing - Highlights
- All incoming authentication requests along with their NAS and RAS IP address, time of access and originating IP address are audited
- When a user accesses the network, the record is audited with the time of access, the RAS IP address, where the user is coming from, the name of the profile used, etc.
- The access method (type of MFA used) gets audited too
- If there is an issue with the access method, time of access, entry-point of the request, etc., then it gets audited and notifications are sent
- If the user’s authentication credentials are wrong, then it gets audited
- If a multi-factor authenticator is not used properly, it gets audited
- If a user is suspended and access is denied, it gets audited
Activity Logging - Highlights
- Logging provides more detailed information than auditing
- Logging helps the security administrators and the Known Access support team to find the root cause of the problem
- If there are any erratic traffic issues in the network, they get logged, which helps to narrow down the network issues
- If at any time the network is experiencing heavy traffic and the response time is slow, the logs can provide a set of data points
- Some of the authentication protocols use UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). UDP-based protocol packets can inherently get dropped when the network or certain switches or routers are under heavy load. Our logging mechanism can help to analyze the issue
- Activity logs can also help when the security system itself is under heavy load.
Network Security Monitoring
We provide real-time as well as general security monitoring capabilities. Network security traffic can be monitored for access attempts, authentication failures, repeated use of the same MFA credentials, use of the wrong access-point, etc.
In addition, we log and analyze network congestion, high volumes of authentication attempts, retransmitted authentication protocol IP packets, authentication attempts from unknown sources, etc.
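The checks listed above can be sketched as a single pass over authentication audit records. This is an added example, not the product's own code: the record layout, field names, thresholds and the reading of "unknown source" as a NAS missing from an inventory are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample audit records; the layout is an assumption, not a product schema.
# (time_s, user, origin_ip, nas_ip, request_id, mfa_token_digest, result)
RECORDS = [
    (100, "alice", "198.51.100.7", "10.0.0.5", 17, "d1", "accept"),
    (101, "alice", "198.51.100.7", "10.0.0.5", 17, "d1", "accept"),  # same request resent
    (160, "alice", "203.0.113.9",  "10.0.0.5", 42, "d1", "reject"),  # token digest reused
    (200, "bob",   "203.0.113.9",  "10.0.0.5", 43, "e1", "reject"),
    (205, "bob",   "203.0.113.9",  "10.0.0.5", 44, "e2", "reject"),
    (210, "bob",   "203.0.113.9",  "10.0.0.5", 45, "e3", "reject"),
    (300, "carol", "192.0.2.33",   "10.9.9.9", 46, "f1", "accept"),  # NAS not in inventory
]
KNOWN_NAS = {"10.0.0.5"}  # hypothetical inventory of registered NAS addresses

def analyze(records, known_nas, fail_threshold=3, fail_window_s=60, resend_window_s=5):
    findings = {"retransmits": [], "mfa_reuse": [], "failure_bursts": [], "unknown_nas": []}
    last_seen = {}                      # (nas_ip, request_id) -> time of latest copy
    token_requests = defaultdict(set)   # (user, digest) -> distinct request ids
    failures = defaultdict(list)        # origin_ip -> recent reject times
    for t, user, origin, nas, req_id, digest, result in sorted(records):
        key = (nas, req_id)
        if key in last_seen and t - last_seen[key] <= resend_window_s:
            # Same request seen again shortly after: a UDP retransmission,
            # which points at packet loss or load, not at a new attempt.
            findings["retransmits"].append(key)
            last_seen[key] = t
            continue
        last_seen[key] = t
        if nas not in known_nas:
            findings["unknown_nas"].append(nas)
        token_requests[(user, digest)].add(req_id)
        if len(token_requests[(user, digest)]) == 2:
            # Same MFA token presented in a second, distinct request.
            findings["mfa_reuse"].append((user, digest))
        if result == "reject":
            recent = [x for x in failures[origin] if t - x <= fail_window_s] + [t]
            failures[origin] = recent
            if len(recent) == fail_threshold:   # report once, when the threshold is reached
                findings["failure_bursts"].append(origin)
    return findings
```

Separating retransmissions first keeps resent UDP packets from inflating the failure and MFA-reuse counts.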
Access Attempt Notification
- Access attempt notification is a highly desirable security feature where the user gets an email or an App-based message when the user or someone with the user’s credentials attempts to authenticate
- When the user receiving the message is the one who attempted to access the network, no action is needed; otherwise, security administrators can be warned. With this functionality, all the users are monitoring the network security
- Using the Notification configuration software, the administrators can configure who gets the notifications after a network access attempt. It can be configured for the user who attempted the access, or it can be configured to notify the user’s supervisor and/or the corporate security.
- This particular functionality can be turned on for the entire system, or you can selectively turn this functionality on or off per user
Real-Time & Historical Activities
- In real-time you can monitor how many users are logging in at a given moment
- You can also see what authentication protocols are being used
- We also provide the real-time data on a per-system basis for the edge customers so that the distribution of traffic and protocol usage can be managed
- We have a provision to save the network access data for 365 days. We allow the data to be archived periodically so that it can be stored for a much longer period
- Various reports can be generated by specifying the duration
- The edge security administrators can write their own reports