[Figure labels: Event sent to CSA MC; CSA MC correlates the events and updates the hosts; Host; Protected Hosts; Infected with Worm; Network; Unauthorized Registry Attack; E-mail Worm Attack Alerted; Virus Scan Report; Attacks Detected]
• The system correlation rules allow CSA to prevent command shells
from being invoked by vulnerable application categories.
• The System API Control rule detects and prevents errant programs from
performing malicious acts on individual systems and networks.
• A Network Shield rule provides network protocol stack hardening
capabilities.
• The Buffer Overflow rule checks for the accumulation of excess data for
processing.
• The E-mail Worm Protection module designs a dynamic application
class for detecting any suspicious action occurring on a system.
• The Installation Application policy is a preconfigured policy applied to
systems for tracing the time taken to install software and for adding
the installation processes to a dynamically built application class.
• Global event correlation refers to the collection, consolidation, and
analysis of the information gathered as a result of intrusion from
multiple and often diverse network devices.