Intrusion detection is the process of exposing threats that attempt to compromise an enterprise's applications and networks. It does so by analyzing data from different sources, such as computers and networks, both within and outside the organization. It uses vulnerability assessment, system-configuration file analysis and analysis of other system areas to find policy violations and abnormal activity patterns.
- Low detection efficiency due to a large number of false positives
- Inadequate research on the nature of intrusion events
- Absence of proper metrics and assessment methodologies
- Lack of a general framework to evaluate and compare alternative intrusion detection techniques
- Inadequate and improper analysis of the ciphered data
The CNAM Approach
- The Intrusion Detection Device (IDD) used by CNAM relies on a host of meticulously researched proprietary technologies to deliver accurate results.
- CNAM uses Snort (an open-source intrusion detection system) along with a customized rule set as its signature-based detection system.
- CNAM is also powered by proprietary engines, such as an anomaly detection engine and a collaborative worm detection engine, to detect outbreaks.
- CNAM uses an event log collection and analysis engine to collect and analyse all local event logs for anomaly detection.