In 2015, a new legal law on cyber security will come to force, which will provide new obligations in the detection and reporting of cyber security incidents and in reaction to these incidents with a goal to enhance cyber security and to set the mechanism of active cooperation between the private sector and public administration in dealing with security incidents in the Czech Republic. Technology Network Behavior Analysis (NBA) is by declaration of NBU a key method for network security and detection of security incidents. Maturity of cyber attacks continues to increase, so it is important in addition to traditional security tools like firewall, antivirus, IDS/IPS the usage of approaches that reveal even the most advanced network threats. That's why both the NBU and the renowned analyst companies like Gartner encourage the use of technology NBA, which is considered to be the future trend.
Currently, FlowMon solution is used by a number of entities in the Czech Republic, which belong to critical infrastructure, for example ministries, banks or ISPs (Internet Service Providers). FlowMon provides them a complete overview of each communication in the network, automatically analyzes and detects attacks or suspicious behavior and threats against which other security tools are ineffective - example is a polymorphic malware, virus and botnets undetected by antivirus, social engineering and other threats associated with the risk of their own internal network users. Thanks to this, FlowMon enables all obligatory entities (service providers and operators of electronic communications networks, administrators of critical communications infrastructure, information systems administrators assigned to critical information infrastructure and administrators of public administration information systems) to meet a significant portion of obligations under the mentioned law and also contributes to the effective management and security enhancement of the internal network of organizations.
FlowMon solution enables the detection of incidents both in environment of enterprise networks and SCADA systems too and can be easily integrated with existing security solutions. Typically, it is a collection of data from firewalls, integration with SIEM systems with unified management and correlation of incidents or integration with systems for automatic blocking incidents on the network.
Benefits of the solution can be proven by more than five hundreds of deployments in companies and organizations worldwide. FlowMon users are also CSIRT security teams (Computer Security Incident Response Team), who use it as a key tool for the detection of network security incidents.
For more information, please visit:
· Case study of CSIRT-MU (Security Team of Masaryk University in Brno) - https://www.invea.com/
INVEA-TECH is a manufacturer of network security solutions for networks from 10 Mbps to 100 Gbps. The flagship of company is FlowMon - solutions for monitoring and security of computer networks, which is based on the technology of IP flow monitoring (NetFlow/IPFIX/