Secure Connection BV offers pentesting services and sophisticated network security monitoring solutions.
There is no single solution for effectively monitoring and detecting security events in an IT infrastructure. The approach is based on a combination of signature and anomaly methods coupled with distributed processing.
The distributed processing makes use of an intelligent (in house developed) agent framework. The advantages of using this framework is analysing the data at (or very near) the source and load balancing processor intensive actions at locations/systems better suited for the task.
The focus is primairely on the analysis of network data. But the agents are also capable to monitor and analyze host based data i.e. processes, memory usage and logfiles.
Our intelligent agent framework performs real time network security analysis as mentioned above and consists of:
- an agent server, connected to agent containers on hosts
- an agent controller, for configuring, distributing, starting and stopping agents
- agent containers containing agents.
- agents which reside in the containers which perform the actual work
Intelligent agents can be distributed all over the hosts in a network, containing agent containers.
Agents can be configured to capture data, send data to another agent, collect data, analyze data, display events etc. Agents can communicate with each other and make distributed analysis possible.