Using advanced anomaly detection and DDoS mitigation tools, our engineers maintain a holistic view and understanding of real-time threats against the GÉANT network, allowing our team to mitigate threats quickly and efficiently.
What we use to monitor the GÉANT Network
NeMo (Network Monitoring) is used for both analysis and anomaly detection of NetFlow-based traffic traversing the GÉANT network. In addition, it is responsible for the identification and mitigation of DDoS attacks on NRENs.
Anomaly detection system
Our advanced anomaly detection system helps identify, track and mitigate malicious traffic patterns traversing the GÉANT network. Automated detection and alerting capabilities provide extensive customisation tailored to the GÉANT network.
A NetFlow collector and the first tool within the NSHaRP process. It can process and analyse flows gathered from all GÉANT project routers and extract information about various attacks such as DoS, SSH/HTTP/RDP/telnet, port scans and others.
A powerful log correlation engine which, in the hands of the GÉANT CERT team, is used as a detection tool. Logs are gathered from all groups of devices (routers, workstations, servers etc.) and then grouped and presented to the security team in a meaningful fashion.
GÉANT CERT makes heavy use of the Nessus scanner to check machines for compliance with policies in terms of patching and hardening levels. Scans are performed bi-weekly in a grouped and clever manner to help in the interpretation and prioritisation of possibly vulnerable machines. Email alerting is also integrated for cases where vulnerability levels are beyond acceptable levels.
A team made up of volunteer security professionals from around the world with the mission to understand, help out and stop cyber-crime. GÉANT CERT is subscribed to their free automated alerting service in order to gather intelligence about various events affecting the GÉANT corporate and project network.