Araknos
AkabSensor

The Akab architecture is based on AkabSensors, a family of appliances for managing network data, whether acquired directly or received from other network appliances and applications.

AkabSensors have a crucial role in system monitoring, as they provide data to the various Anomaly Detection and Event Correlation algorithms run in other, higher-level appliances.

The AkabSensor family consists of various specialized appliances:

  • security audit (AS-SA),
  • intrusion detection (AS-ID),
  • bandwidth management (AS-BM),
  • traffic monitoring (AS-TM),
  • log server (AS-LS).

All AkabSensor appliances for Network Management (BM, TM and LS) are also available in a stand-alone configuration.

AkabSensor Security Audit is an Akab appliance specially designed for the management and implementation of Vulnerability Assessment: security controls performed to identify possible vulnerabilities in the OS and applications running on network nodes.

AkabSensors perform different specific functions according to their purpose.
Functions common to all AS appliances are: data collection, filtering, interpretation and generation of Akevents, and communication with the AkabCollector.

For proper and continuous network functioning, all appliances are available in a FailOver configuration (twin backup appliance), while only the AS-BM is additionally available with a built-in Bypass mechanism to assure continued data flow under all conditions.

All Akab system applications use the same standard web-based GUI.

Data Collection

AS can collect the following datasets:

  • Netflow
  • Syslog
  • SNMPTrap
  • Security Alert

Collected data is stored locally in its original format for further statistical or forensic analysis.

Filtering

Custom filtering criteria can be defined for every dataset (Netflow, Syslog, SNMPTrap and Security Alert) and every host/application data source.

Akevents Interpretation and Generation

Network data is continuously analysed, and an Akevent alert message is generated every time data considered anomalous is identified (Denial of Service, scans, intrusion attempts, etc.).

Communication with AkabCollector

All network status information and Akevents are encrypted and forwarded, with appropriately assigned priority levels, to other higher-level appliances (AkabCollector) through a proprietary communication protocol.

AkabSensor Types

The AkabSensor family of products includes a number of specialised appliances, each with a distinct set of functionalities and different data elaboration/management capabilities.

  • AS-SA (Security Audit) - processes netflow, syslog and SNMPTrap data, generates Akevents and forwards them to the AkabCollector. The appliance implements Vulnerability Assessment functions aimed at checking for the presence of vulnerabilities in the different OS versions and configurations, and in network system applications.
  • AS-ID (Intrusion Detection) - processes Security Alerts, generates Akevents and forwards them to the AkabCollector.
  • AS-BM (Bandwidth Management) - partitions network bandwidth according to different criteria.
  • AS-TM (Traffic Monitoring) - analyses both network traffic (up to the application level) and Netflow information provided by third-party applications, and forwards statistics to the AkabCollector.
  • AS-LS (Log Server) - gathers and stores SNMPTrap and syslog messages from different hosts and applications, and extracts and visualises them according to different criteria.