Threat Analysis

Analyzing the Threat

A lot of information can be gathered by a company from the traffic arriving at its Internet gateway. These days, most devices provide copious logs which can be accessed by IT staff. However, this is really only the beginning of the process; the required actions are:

  • Collate - is the data provided in a simple, understandable way, or is it distributed across a number of platforms?
  • Inspect - having obtained the data, assessment is needed to identify the data that is of concern.
  • Act - if action is required to prevent a threat, how is it done and are the tools available to carry out that action?

All the above require one resource which every IT manager is short of: time. It is rare for an IT manager to have the time to inspect, assess and act. It also requires continuous training and experience to have the knowledge to carry out this security task efficiently and effectively.

Local Network Box SOCs monitor our customers' boxes worldwide, reporting on attacks and intrusion attempts and thereby building up a picture of the vulnerabilities being exploited. Each SOC has security personnel able to analyze this information, providing a box-by-box trend analysis. This allows Network Box to provide useful feedback on the security status of a customer and the growth of threats to that company. As a simple example, the graph below shows the email received by a company. In this graph, it is easy to see that while the email volume and the virus threat have remained stationary over the period, the spam has steadily escalated. This allows the company to target its spend in the right area, which helps ensure the security of the business.

Message Graph
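The box-by-box trend analysis described above, as an added example that is not Network Box's code: it collates constructed per-message gateway log lines into daily counts per verdict and flags the categories whose volume is rising (the log format, the box id, and the 0.5 messages-per-day threshold are assumptions).

```python
import re
from collections import defaultdict

# Constructed per-message gateway log ("<date> <box-id> <verdict>"), not real
# Network Box output: clean mail and virus hits stay flat, spam rises each day.
SAMPLE_LOG = """\
2024-03-01 box-17 clean
2024-03-01 box-17 virus
2024-03-01 box-17 spam
2024-03-02 box-17 clean
2024-03-02 box-17 virus
2024-03-02 box-17 spam
2024-03-02 box-17 spam
2024-03-03 box-17 clean
2024-03-03 box-17 virus
2024-03-03 box-17 spam
2024-03-03 box-17 spam
2024-03-03 box-17 spam
"""
VERDICTS = ("clean", "virus", "spam")
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\S+) (clean|virus|spam)$")

def daily_counts(log_text):
    """Collate: {box: {verdict: [count per day, in date order]}}."""
    raw = defaultdict(lambda: defaultdict(dict))  # box -> day -> verdict -> n
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the report
        day, box, verdict = m.groups()
        raw[box][day][verdict] = raw[box][day].get(verdict, 0) + 1
    return {box: {v: [days[d].get(v, 0) for d in sorted(days)] for v in VERDICTS}
            for box, days in raw.items()}

def slope(values):
    """Least-squares slope of a daily series, in messages per day."""
    n, xbar, ybar = len(values), (len(values) - 1) / 2, sum(values) / len(values)
    denom = sum((i - xbar) ** 2 for i in range(n))
    if denom == 0:
        return 0.0  # a single day gives no trend
    return sum((i - xbar) * (y - ybar) for i, y in enumerate(values)) / denom

def escalating(series, min_slope=0.5):
    """Inspect: per box, the verdict categories whose daily volume is rising."""
    return {box: [v for v in VERDICTS if slope(cats[v]) > min_slope]
            for box, cats in series.items()}
```

Running `escalating(daily_counts(SAMPLE_LOG))` on the constructed log reports only `spam` for `box-17`, which is the "Act" input a SOC analyst would hand to the customer.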

All information is also returned to the global SOCs for further analysis, enabling a world view of the information and allowing Network Box to see how trends are affecting the Internet. The diagram below shows the email and spam trends per box worldwide.

The advantage to the customer is that they benefit both from the statistics captured by their own equipment and from Network Box's ability to view global trends. For instance, 'envelope pre-scan', a new technology from Network Box, was developed as a result of seeing the growth in spam from botnets. This technology allows Network Box systems to make a sound judgment on whether an email is from a spammer or not, without needing to download and scan the email itself. This means that spam does not occupy the company's broadband bandwidth.

Message Graph 2

Additional Information

The following document contains detailed information about the regular Network Box monitoring reports.