Security Monitoring concept

    Available in Classic and VPC

    Security Monitoring is categorized into Basic and Managed services, and the provided features and usage fees differ according to the service type. The security services that Security Monitoring Managed provides for each platform are described below. Even for the same service, some features may differ depending on whether the user environment is VPC or Classic, so check which platform you're using before referring to the detailed description.

    Note
    • To make the best use of the Security Monitoring concepts, note the following glossary:
      • V1: an abbreviation for the Classic environment
      • V2: an abbreviation for the VPC environment
    • Before studying the Security Monitoring concepts, you must also familiarize yourself with the precautions for each security service. For these precautions, see Prerequisites for using Security Monitoring.

    VPC

    This section describes the functions of IDS, Anti-Virus, Anti-DDoS, WAF, and IPS provided by Security Monitoring Managed in the VPC environment.

    IDS(V2)

    It detects attacks against the user's service in real time and monitors the service 24/7 to help it operate securely. The provided features are as follows:

    • Forwarding of a detection and analysis report in the event of a suspected security incident
    • Constant configuration of detection policies and application of pattern updates for the latest attacks
    • Provision of exception handling upon user request
    • Provision of weekly and monthly reports
    Note

    The list of customers subject to IDS billing is collected as of 23:00 every day, and you can check it in the NAVER Cloud Platform console under Cloud Activity Tracer > Daily Use Resource > Details.

    Anti-Virus(V2)

    It detects and defends against malware. It supports stable operation of the user's service by detecting, isolating, and deleting malware in real time on the servers the user operates. The provided features are as follows:

    • Isolation and removal of viruses and spyware
    • Provision of analysis report in the event of suspected malware
    • Provision of the server vaccine for Windows/Linux
    • Provision of exception handling for specific files and folders
    • Automatic update of latest detection patterns
    • Identification of detection information and provision of dashboard on NAVER Cloud Platform console
    • Provision of weekly and monthly reports
    Note

    Anti-virus vaccine patterns are updated daily at 1 AM, and they are immediately applied to real-time monitoring.

    Anti-DDoS(V2)

    It monitors, detects, and blocks DDoS attacks against the user's service 24/7 to help the user operate the service safely. It can detect attacks quickly and accurately with the Full Packet Analysis method. The provided features are as follows:

    • Protection from various types of DDoS attacks through multi-level filters
    • Detection of attacks with a separate policy by creating a specialized protection target (Zone) for each user
    • Support for analysis of user-specific attacks and creation/registration of blocking rules
    • Separate management of source IP (NAT IP) which causes normal mass traffic and prevention of false detections
    • Provision of customized threshold settings through training
    • Provision of weekly and monthly reports

    WAF(V2)

    It specializes in detecting and defending against web attacks. It monitors web traffic over HTTP and HTTPS, and enables immediate response by detecting and defending against attacks on the user's web service through a dedicated WAF solution. In the VPC environment, WAF provides a separate WAF platform for each user with the reverse proxy method. For a stable service, it has a redundant structure by default. Communication between the WAF VM and the Application Load Balancer of the user's service uses public HTTP on port 80.
    Based on the above, the diagram of the WAF service configuration in the VPC environment is as follows:

    [Diagram: WAF service configuration in the VPC environment]

    WAF operates in two modes: detection mode and blocking mode. It runs in detection mode for approximately 1 month, after which the detected events are analyzed and blocking policies and a schedule for switching to blocking mode are proposed to the user. Because of how this operation method works, no logs are shown in the NAVER Cloud Platform console while WAF is operating in detection mode. Only the blocked logs are provided after the change to blocking mode.
    The features provided by WAF are as follows:

    • Detection and blocking of weak points of access authority
    • Detection and blocking of encryption errors
    • Detection and blocking of security setting errors
    • Detection and blocking of weak points of applications
    • Detection and blocking of SSRF, XSS, CSRF, and Injection
    • Detection and blocking of various web attacks, such as cookie tampering and theft
    • Configuration and management of blocking policies suitable for customer environment
    • Provision of IP/URL exception features
    • Provision of periodic security policy updates
    • Identification of blocking information and provision of dashboard on NAVER Cloud Platform console
    • Provision of weekly and monthly reports

    IPS(V2)

    It monitors host-based inbound and outbound traffic 24/7, and detects and blocks suspicious activities to help the user's service operate securely. IPS operates in two modes: detection mode and blocking mode. It runs in detection mode for approximately 1 month, after which the detected events are analyzed and blocking policies and a schedule for switching to blocking mode are proposed to the user. Because of how this operation method works, no logs are shown in the NAVER Cloud Platform console while IPS is operating in detection mode. Only the blocked logs are provided after the change to blocking mode.
    The features provided by IPS are as follows:

    • Provision of customized detection and blocking policy features for each operating system, application, and server purpose
    • Provision of virtual patching to protect VMs from zero-day attacks by protecting the system until vulnerable application versions are patched
    • Periodic update of IPS detection and blocking policies
    • Protection of VMs from vulnerabilities through periodic scans and application of detection policies for host applications
    • Identification of blocking information and provision of dashboard on NAVER Cloud Platform console
    • Provision of weekly and monthly reports

    Classic

    This section describes the functions of IDS, Anti-Virus, Anti-DDoS, WAF, and IPS provided by Security Monitoring Managed in the Classic environment.

    IDS(V1)

    It is the same as the IDS support details in the VPC environment. Please see VPC > IDS(V2) on this page.

    Anti-Virus(V1)

    It is the same as the Anti-Virus support details in the VPC environment. Please see VPC > Anti-Virus(V2) on this page.

    Anti-DDoS(V1)

    It is the same as the Anti-DDoS support details in the VPC environment. Please see VPC > Anti-DDoS(V2) on this page.

    WAF(V1)

    It specializes in detecting and defending against web attacks. It monitors web traffic over HTTP and HTTPS, and enables immediate response by detecting and defending against attacks on the user's web service through a dedicated WAF solution. WAF operates in two modes: detection mode and blocking mode. It runs in detection mode for approximately 1 month, after which the detected events are analyzed and blocking policies and a schedule for switching to blocking mode are proposed to the user. Because of how this operation method works, no logs are shown in the NAVER Cloud Platform console while WAF is operating in detection mode. Only the blocked logs are provided after the change to blocking mode.

    The features provided by WAF are as follows:

    • Detection and blocking of weak points of access authority
    • Detection and blocking of encryption errors
    • Detection and blocking of security setting errors
    • Detection and blocking of weak points of applications
    • Detection and blocking of SSRF, XSS, CSRF, and Injection
    • Detection and blocking of various web attacks, such as cookie tampering and theft
    • Configuration and management of blocking policies suitable for customer environment
    • Provision of IP/URL exception features
    • Provision of periodic security policy updates
    • Identification of blocking information and provision of dashboard on NAVER Cloud Platform console
    • Provision of weekly and monthly reports

    IPS(V1)

    It monitors network-based inbound and outbound traffic 24/7, and detects and blocks suspicious activities to help the user's service operate securely. IPS operates in two modes: detection mode and blocking mode. It runs in detection mode for approximately 1 month, after which the detected events are analyzed and blocking policies and a schedule for switching to blocking mode are proposed to the user. Because of how this operation method works, no logs are shown in the NAVER Cloud Platform console while IPS is operating in detection mode. Only the blocked logs are provided after the change to blocking mode.
    The features provided by IPS are as follows:

    • Detection and blocking of malicious traffic through real-time traffic analysis
    • Provision of user-specific blocking policies
      • Signature-based defense
      • Application defense
      • Protocol-based defense
      • Domain blocking
      • Harmful site/URL-based blocking
    • Provision of exception handling based on patterns
    • Provision of exception handling for IP blocking
    • Periodic update of IPS detection and blocking policies
    • Identification of blocking information and provision of dashboard on NAVER Cloud Platform console
    • Provision of weekly and monthly reports
