CNAM is a complex engine that simplifies threat management. It builds threat models from around the globe and delivers quality decision making to customers.
CNAM uses five primary function modules at the core of the threat detection engine; these modules are tuned by experts for each deployment scenario. Here is a breakdown and brief function of each module.
A good threat management system is required to be flexible: it should be able to integrate and operate seamlessly with existing infrastructure. CNAM offers simplicity in design to its customers.
CNAM adopts a non-intrusive approach to security: it requires no downtime, nor does it contribute to the latency of the network. CNAM can integrate with everything from network devices to applications. It can scale seamlessly across a customer's global locations and still provide real-time visibility through a single window.
CNAM sends out instant notifications for threats. It escalates events that need further investigation. CNAM provides training (included in the service) to customers for setting up a threat response center. The primary roles of this center would be
As a customer, you can alternatively choose to work with an MSSP partner who has teams trained to investigate and respond to threats using the CNAM platform.
CNAM uses cutting-edge algorithms and the power of the cloud to actively detect and respond to attacks on your critical IT infrastructure. It implements advanced correlation rules and detection mechanisms coupled with a global intelligence network to deliver top-notch security presented in an intuitive dashboard. We bring with us everything you need to detect attacks; all of this is installed, configured and monitored by us round-the-clock.
Below are the primary components used by CNAM with a short description.
The UNET is a global facility used by CNAM to deliver real-time threat intelligence to its customers. The UNET aggregates intelligence from two networks, viz. the CNAM customer network and the partner network. UNET is a network of global presence points called Points-of-Presence (POP).
The IDD is the primary whistleblower for the CNAM service; it uses multiple technologies for detecting attacks in real-time. Each IDD is customised to the needs of the network and is monitored using unique correlation rules deployed by the CNAM Threat Center. Detection modules in the IDD are updated continuously to keep up with the changing threat landscape.
NAG is a local event collection and analysis engine that is responsible for executing the correlation logic on the accumulated data. The NAG ensures that all the data collected by CNAM remains within the network perimeter. The NAG is in constant connectivity with the UNET, which supplies real-time threat intelligence for accurate decision making.
© 2015-2016 All Rights Reserved. NETMONASTERY™ and CNAM™ is a registered trademark of NETMONASTERY NSPL.