Araknos
Akab Architecture

Akab is a modular and scalable SIEM+ (Security Information and Event Management) architecture composed of appliances placed at different points of the LAN to monitor network security status and proper network functioning by analysing network traffic, system status and system behaviour.

Akab is a SIEM+ architecture because, in addition to the common SIEM functions, it offers:

  • Network Security Monitoring: capture and analysis of network traffic, flow accounting/policing
  • Security Audit Correlation: use of VA/PT for correlation
  • Anomaly Detection: Log & Packet, Network Behavior, Semantic
  • User Awareness: integration with IAM/IDM
  • Natively integrated Intrusion Detection

AkabSensor appliances monitor network status and, upon alert detection, generate, filter and forward Akevent messages to AkabCollector appliances for event correlation, interpretation and management. AkabMaster appliances verify that events are correctly identified, define the system behaviour model and improve the interpretation mechanisms.
Important characteristics: Active Directory/LDAP integration, Akevent message format, real time 3D visualization.

Figure: Akab architecture

The Akab architecture is modular, scalable and distributed. Akab appliances are divided into three hierarchical levels:

  • AkabSensors collect, filter and transform into Akevent format network data acquired directly and/or provided by third-party applications on the network (network traffic, SNMP traps, syslog, NetFlow, etc.).
  • AkabCollectors collect the Akevent information received from AkabSensors and carry out event correlation, interpretation and management tasks.
  • AkabMasters collect the Akevent interpretations received from AkabCollectors and define the network system behaviour.

The Akab architecture implements a Network Security Management system that maps network security, traffic and appliance status data, providing a full and structured view of the network.


User Interface

Akab offers a web-based GUI that provides simple access to and easy administration of the system.
Macromedia Flash graphics and animations give a fast and intuitive view of status changes of network systems and hosts. Moreover, Akab features both real-time and historical representations of network traffic flows and events.


Use of Akevent format

All detected and/or generated system alerts are converted into the Akevent message format (a normalized, universal event management format) used across all Akab system levels.


MS-AD/LDAP Integration (optional)

Network and security data can be associated directly with user logins to examine and control user behaviour.


Trouble Ticketing Integration (optional)

Akab can be integrated with a trouble ticketing system.


AkabMaster (AM)

AkabMaster is the highest-level appliance in the Akab architecture, responsible for interpreting the Akevents sent from AkabCollector appliances across the network, and for defining and updating the system behaviour models so as to facilitate and speed up the functioning of the appliances on the network.


AkabCollector (AC)

In the Akab architecture, AkabCollector is the appliance in charge of correlating the Akevent data received from AkabSensor appliances and, within no more than 1 minute of alert detection, of activating the appropriate alarm and protection mechanisms.


AkabSensor (AS)

The Akab architecture is based on AkabSensor, a family of appliances that manage all network data, whether directly acquired or received from other network appliances/applications.
The AkabSensor product family consists of various specialised devices for Network and Security Management: security audit (AS-SA), intrusion detection (AS-ID), bandwidth management (AS-BM), traffic monitoring (AS-TM) and log server (AS-LS).


Technical Documentation