1. Manuals
  2. Brands
  3. Symantec Manuals
  4. Firewall
  5. 10521146 - Network Security 7120
  6. Administration manual

About Analysis - Symantec 10521146 - Network Security 7120 Administration Manual

Administration guide
Hide thumbs Also See for 10521146 - Network Security 7120:
1
2
3
4
Table Of Contents
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
Table of Contents

Advertisement

30 Architecture
About the core architecture

About analysis

data from the native format to the Symantec Network Security format, and
transmits the data to the software or appliance node.
See
"About detection"
See
"About Smart Agents"
Symantec Network Security includes state-of-the-art correlation and analysis
that filters out irrelevant information and refines only what is meaningful,
providing threat awareness without data overload. Symantec Network Security
correlates common events together within an incident to compress and relate
the displayed information.
This section describes the analysis mechanism in greater detail:
About refinement
About correlation
About cross-node correlation
About refinement
Symantec Network Security detects both known and unknown (zero-day)
attacks, using multiple detection technologies concurrently. Event refinement
rules extend the Protocol Anomaly Detection capabilities. Symantec Network
Security matches generic anomalies against a database of refinement rules, and
for known attacks, reclassifies an anomaly event by retagging it with its specific
name.
About correlation
Symantec Network Security uses event correlation, the process of grouping
related events together into incidents. This produces a shorter, more
manageable list to sift through. Some types of intrusions, such as DDoS attacks,
generate hundreds of events. Others, such as buffer-overflow exploits, might
generate only one event. Event correlation brings each key event to the
forefront in an incident so that it remains visible despite floods of events from
other activities. It automates the process of sorting through individual events
and frees the user to focus on responding directly to the security incident.
Symantec Network Security correlates security events (intrusions, attacks,
anomalies, or any other suspicious activity), response action events (automated
actions taken by Symantec Network Security in response to an attack), and
operational events (action taken in the administration of the product, such as
logging in or rotating logs).
on page 159.
on page 37.

Advertisement

Table of Contents
loading

Related Manuals for Symantec 10521146 - Network Security 7120

Related Content for Symantec 10521146 - Network Security 7120

This manual is also suitable for:

Network security

Table of Contents