OneSecure User Guide 3/4/2015

Transcription

1 OneSecure User Guide 3/4/2015

2 CONTENTS Getting Started 2 The Dashboard 3 Firewall Reports Analyzed Activity 4 Protocol Usage 5 Web Users 6 Web Destinations 7 Detailed Web User 8 Top Users 9 Top Destinations 10 Top Location 11 IPS Reports Attacks Blocked 12 Hostile Attackers 13 Attackers Detail 14 Targets of Attacks 15 Targets Detail 16 Gateway AV Reports Viruses Caught 17 Sources of Viruses 18 Recipients of Viruses 19 Anti-SPAM Reports SPAM Blocked 20 SPAM by Attacker 21 Attacker Detail 22 Top SPAM Targets 23 Web Content Filtering Filtered Categories 24 Categories Over Time 25 Offending Users 26 Sites by User 27 Sites by Category 28 Incident Alerts 29 Subscribe to Service 30 GETTING STARTED Accessing OneSecure customer security management portal To access your secure portal: Go to Enter your user ID and password Please note that all data within the portal is updated after 12:00 PM for all data received by the device as of 12:00 AM the previous day. Understanding the OneSecure Security Console The tabs along the top of the screen allow users to Add services Manage support services Drill down with detailed reports Select the location of the device from which to view data (for multi-site users) Access training materials Log out of the portal DASHBOARD TAB The Dashboard tab (default view) provides an instant, integrated look at a host of major security parameters. A breakdown of the individual information points is shown on the following page. REPORTING TAB The Reporting tab provides access to a host of reports, including firewall reports, IPS reports, gateway AV reports, anti-spam reports, and web content filtering reports. A detailed look at the sample reports starts on page 4. 2

3 1. Security Protection Rating: Indicates at a glance how current security posture ranks against industry best practices. 2. Security Attack Trends: Provides trending analysis of attacks against the network over the previous seven days. 3. Attack Log: Functions like an odometer recording total amount of traffic, attacks, viruses, web sites blocked and SPAM blocked since service inception. 4. Incident Alerts: See details of higher level attacks & how they were handled or need to be handled by the end user. 5. News: Provides current information based on what the provider wants the end user to review. 6. Real Time Activity Detail: (last 7 days) Each individual square functions as a gauge for the indicated security services and delivers mini-reports on network security for the previous seven days

4 FIREWALL REPORTS Analyzed Activity The Analyzed Activity report shows the inbound traffic logged by the firewall organized by country of origination. This report identifies the volume of electronic communication activity originating from each Nation. This may be helpful to organizations who want to either limit communication with a certain country or would like to track increases of activity based on marketing initiatives or other business activity which may be expected to drive users to their network from specific parts of the world. 4

5 FIREWALL REPORTS Protocol Usage This report provides the reader with a complete picture of all of the activity that is occurring on the customer network throughout the time period covered in the report. This activity may be useful for the reader by helping to interpret trends in activity that may identify suspicious behavior or a flawed configuration in the network environment. To further isolate the potential issue being investigated the reader may require a more detailed review of specific protocol breakdowns included in the other subsections of this report. 5

6 FIREWALL REPORTS Web Users This report provides the reader a quick assessment of which network users have been most active for the time period specified, related to internet activity. The number of hits is one method to determine how much Internet activity the specified address has engaged in. The reader can then determine the appropriateness of the activity coming from each network user or identified system. 6

7 FIREWALL REPORTS Web Destinations This report provides the reader a summary of the most visited destination addresses from its network. This indicates where users on the reader s network have been browsing and how active each of those web sites or networks is. The reader can then verify the appropriateness of this activity and determine if any additional controls should be in place to limit certain access or notify users of their inappropriate activity should any exist. 7

8 FIREWALL REPORTS Detailed Web Users This report provides the reader with more detail than the two summary reports identified above. If inappropriate activity is identified in either of the reports above, the reader will be able to gain more intelligence regarding who went where and how often. This will help to identify the user who has engaged in the inappropriate activity and draw some specific conclusions as to why the activity was initiated. This report could serve as evidential documentation should any action be taken against an employee for inappropriate use or abuse of the Internet which violated company policy. 8

9 FIREWALL REPORTS Top Users This report shows you the top users in your company. You can use this to assess if an employee is spending too much time sending and receiving or you can use it to dig deeper to determine if they are really using for work related issues. 9

10 FIREWALL REPORTS Top Destinations This report shows you the top locations that are sending and receiving from your company. You can use this to assess if employees are sending s to inappropriate destinations or perhaps to your competitors. 10

11 FIREWALL REPORTS Top Locations This report shows you the top locations that are sending and receiving from your company and the internal employees that are sending and receiving this . 11

12 IPS REPORTS Attacks Blocked This report provides a summary of the Attacks Blocked that are occurring over the period of time covered. The data points help identify growing trends in activity of certain alerts that may require a heightened awareness by OneSecure engineers. This will help focus the proper amount of attention on risks that may be building over time and may require communication with the hostile network to rectify. 12

13 IPS REPORTS Hostile Attackers This report identifies networks that have shown a higher than normal intent to cause damage, interrupt service or infect the customer network with viruses during the time period covered in this report. This activity has caused these networks to be labeled as hostile to the customer environment. This information is helpful to conduct further research identifying true intent of the intruding system, to contact the network administrator of the hostile network and to build more intelligent modeling to identify future malicious behavior that will allow more proactive strategies to be deployed to protect the customer s environment. The activity between a network designated as hostile and the customer network requires a lower threshold before being raised to an incident level. Activity from these networks is also examined on a global basis to protect all customer environments. 13

14 IPS REPORTS Attackers Detail This report presents the detailed activity associated with each network identified as hostile. The data included shows, the user of the report, each security event that was originated by the source of the attacks. This provides a good foundation for OneSecure engineers to gain a better understanding of the patterns of behavior to draw conclusions on the intent of the activity being performed. This report will help identify cases where an intruder s behavior is growing more harmful over time or combinations of activity that may prove more harmful than events examined individually. 14

15 IPS REPORTS Targets of Attacks This report summarizes the targets of attacks that were launched against the customer s network devices. This report is used to gain an understanding of how the network perimeter is being viewed by outside intruders and what is being perceived as a valuable target. This information is helpful in drawing conclusions related to the intentions of the hostile activity that is being tracked and how the customer s Internet footprint (this is the appearance of customers network to public users on the Internet. If the footprint is too large it may encourage a greater amount of interest from a random malicious user who happens to see the network while looking for a target) may be contributing to the level of activity observed. This data is used to proactively identify growing issues and recommend or carryout risk mitigation activities where possible. 15

16 IPS REPORTS Targets Detail This report supplies information regarding the detail surrounding attacks launched against specific components of the customer s network perimeter. This data can be used to further identify the intentions of a malicious user or a growing threat specific to an individual network device or other component. 16

17 GATEWAY AV REPORTS Viruses Caught The Viruses Caught report shows that the listed viruses have been stopped at your gateway and the number of attempts for each virus on your network. These viruses and attempts have been stopped and have not been allowed to enter your network. OneSecure has taken the necessary steps to protect your environment from this malicious attack. For further detail, go to the Incident Alerts page to see if you need to take any further action. If nothing is listed then, there are no other action steps for you to take. 17

18 GATEWAY AV REPORTS Sources of Viruses The Source of Viruses report illustrates the source of the virus from the originating IP Address along with the number of attempts that have been made. OneSecure has taken the necessary steps to protect you from this virus and no action needs to be taken on your part. Please note that many viruses originate from multiple IP Addresses and this data will show you where the viruses in the Viruses Caught Report have originated. 18

19 GATEWAY AV REPORTS Recipients of Viruses This Recipient of Viruses report identifies who, based on your Internal IP Address, the virus was intended. The amount of times the IP Address had an attempted attack will be listed. All of these attacks have been stopped from entering your network. 19

20 ANTISPAM REPORTS SPAM Blocked This report shows SPAM s that have been blocked and the number of times each type of SPAM has been blocked. 20

21 ANTISPAM REPORTS SPAM by Attacker This report shows top sources for SPAM s that have been blocked. 21

22 ANTISPAM REPORTS Attacker Detail This report shows the source IP address (sender) of SPAM s and the destination IP address (target) of SPAM s that have been blocked. 22

23 ANTISPAM REPORTS Top SPAM targets This report shows the top targets of SPAM and source IP address. 23

24 WEB CONTENT FILTERING REPORTS Filtered Categories The Filtered Categories report identifies the categories of web sites which you have identified as unacceptable and have blocked from employees. 24

25 WEB CONTENT FILTERING REPORTS Categories Over Time The Categories over Time report shows a trending scenario has been arranged so that you can see which categories your users are attempting to access on the Internet over a specific period of time. 25

26 WEB CONTENT FILTERING REPORTS Offending Users The Offending Users report shows the top users attempting to access web sites that you have deemed off limits based on the policy you have created. This list is a compilation of your top users based on their Internal IP Address. If you are running Active Directory or LDAP, you may be able to correlate these to user names. 26

27 WEB CONTENT FILTERING REPORTS Sites By User The Sites By User report shows the top web sites that users attempted to visit by your top 10 users. It indicates the user and number of times they have attempted to visit a particular site and the offending category for that site. 27

28 WEB CONTENT FILTERING REPORTS Sites By Category The Sites By Category report shows the particular category of offending web site and actual web sites that were attempted to be visited by your employees. 28

29 INCIDENT ALERTS Incident Alerts This report provides a summary of the high-level attacks that have been blocked by security engineers. This report not only provides visibility into the backend security processes the data points help identify growing trends in activity of certain alerts that may require a heightened awareness. This will help focus the proper amount of attention on risks that may be building over time and may require communication with the hostile network to rectify. 29

30 SUBSCRIBE TO SERVICE Subscribe to Service Within the portal there are multiple ways that an existing client can add additional services. Using the Subscribe tab at the top of the screen or by simply clicking on a service that is displayed in red, which indicates that the service is not currently being leveraged, will transport the user to the Subscribe Page. 30