Sophos Cyberoam device auditing
Firewalls are a crucial layer of security in any network, and they're often an organization's first line of defense. Over the years, the functionality of firewalls has evolved to become more sophisticated. Many vendors now offer next-generation firewalls (NGFWs), moving beyond blocking traffic and port or protocol inspection, and adding application-level inspections and intrusion prevention systems (IPSs).
Sophos Cyberoam offers many NGFWs with built-in application inspection and control, website filtering, HTTPS inspection, IPSs, VPNs (IPSec and SSL), and granular bandwidth controls. Auditing these NGFWs can be useful for network security, as they provide a treasure trove of security information.
Reports on Sophos Cyberoam in EventLog Analyzer
Auditing Sophos Cyberoam logs and monitoring the activity in your firewall can help ensure network security. EventLog Analyzer provides out-of-the-box support for Sophos Cyberoam devices. It collects and analyzes Sophos Cyberoam logs to give you detailed audit reports and graphs, which provide the following insights.
- Logon activity: A list of all the successful logons to the firewall, the hosts and users with the most logons, as well as logon patterns.
- Failed logons: All failed logon attempts to the firewall, the hosts and users with the most failed logons, and failed logon patterns.
- Allowed traffic: Details of all the connections that pass through the firewall into the network.
- Denied connections: Details of all the connections that are denied access to the network.
- System events: A list of all the packages installed or upgraded on the firewall.
- IDS/IPS events: A list of possible and critical attacks, along with the source and destination devices most frequently involved in attack attempts. An attack trend report is also included.
- Threat report: Details various attack types, such as flood attacks and spyware downloads.
- Severity report: Classifies log information by severity and is useful for viewing all events (including emergency, error, critical, alert, warning, notice, information, and debug events) in a single click.
Correlation of Sophos Cyberoam log data
For better context, EventLog Analyzer performs event correlation while detecting security incidents. It correlates events happening in Sophos Cyberoam devices with the logs generated by the rest of the network.
Supported Firewalls, NGFWs, IDS, and IPS