Netmonastery DNIF - Real-time visibility

DNIF is a proactive data platform that can ingest, parse and enrich large volumes of data each day and return actionable intelligence using complex compute models and rules.

DNIF Features & Offerings:

  • Log Management (Log Analysis & Storage): DNIF Log Management makes sense of the clutter of security events to deliver more than just compliance. DNIF Platform exposes attacks in real time with reliable and actionable events. DNIF components index, search and store data from any device on an enterprise network infrastructure. Following are some of the highlights of DNIF Platform’s Log Management capabilities:
    • Seamless integration, collection and normalization of logs
    • Intelligent log correlation & Root-cause log analysis
    • Custom dashboards & Reports
    • Index, Search & Store Logs
    • Monitoring & Alerting
    • Compliance
  • Application Monitoring (Third Party Application Integration): DNIF Platform Application Monitoring protects against threats ranging from malicious inputs and suspicious login attempts to data leakage and XSS. The DNIF plug-in generates intelligent application logs that feed into the overall security heat-map. An integrated platform for developers and security teams ensures operational efficiency in application design and implementation processes, bridging gaps and security loopholes.
    • Integrates with existing security infrastructure
    • Application Security event visibility
    • Custom correlation rules for enterprise applications
    • Advanced user access monitoring
    • Customized reports & dashboard
  • Threat Management (Forensic Analysis Tool): The DNIF Platform Threat Management platform takes control of security operations with an integrated threat management solution which focuses on resource. DNIF Platform next-gen technology ensures real-time network-wide protection from advanced attacks. Following are some of the highlights of DNIF Platform Threat Management:
    • Automated attack detection
    • Managed intrusion detection
    • Real-time alerting
    • Global threat intelligence
    • Superior correlation engine
    • Complete network visibility
    • Customized reports

DNIF Platform Components:

  • Adapter: Used to fetch or receive events from various devices. The Adapter can receive data via syslog or be leveraged as an API to pull data.
    • Capability to process events, performance and machine data
    • Offline caching capability for network outages
  • Detector: Packet level detection device that can be deployed on the external network to monitor (unedited) traffic from ingress and egress points. The Detector leverages a port mirror / SPAN / network tap to copy and process traffic from the network.
    • Deep packet inspection with the ability to deploy customized signatures to support customer specific requirements
    • Profiler – passively discovers the bounds of the network and identifies deviations / anomalies in endpoints, ports, domain hosts and applications
    • Ratio engine that identifies anomalies in packets, data and threats
  • Datastore: Indexes threats and events from the Detector and the Adapter. Optimized to ingest events at a rapid pace and make them available to query in real-time.
    • Big data framework to allow for elastic scaling capabilities
    • Ability to add storage and scale in a modular fashion, no need to replace HW
    • Built-in data quality and redundancy, with archiving of old data
  • Correlator: Real-time attack engine that identifies notable event scenarios and escalates them for further action and remediation. Events are fed into the correlator for analysis against environmental, threat, impact, and behavioural characteristics prior to presenting validated threats.
    • Triggered correlation allows an unlimited number of use cases to be enabled, allowing the correlation engine to respond in real time
    • Provides high fidelity alerts using a floating weight correlation engine
Copyrights ©2016: Pyramid Cyber security & Forensics