
Insights Into Technology: Network Behavior Analysis

Adam Powers

July 1, 2008

It’s never been more critical for network and security managers to attain deep insight into the traffic flowing throughout their networks. Whether it’s increased regulatory demands, the trend toward more targeted attacks or the latest stealth techniques employed by malware authors, IT departments must be able to identify and block traditional attacks as well as malicious traffic and entirely new attacks.

The most widely deployed security technologies – anti-virus, intrusion detection/prevention systems and firewalls – all depend on lists of known patterns or static rule sets to stop malicious activity.

While these conventional defenses are essential to any company’s security plan, organizations benefit from identifying stealthy and sophisticated attacks often missed by signature-based systems. A popular way to detect these attacks is through Network Behavior Analysis (NBA), which aims to study and learn normal network behavior so the system can identify anomalous and potentially malicious traffic that could hurt the entire network.

NBA technologies build a baseline of normal network activity for each host connected to the network
By employing NetFlow™, sFlow® or native traffic flow from the network infrastructure, the NBA system collects information, including behavioral indicators such as normal rates of bits and packets per second; the total number of bytes during a 24-hour period; and what ports and services each host offers on the network.

From this baseline, the NBA system constructs profiles of different attributes and acceptable system behaviors to establish tolerance levels. Then, whenever the activity of a device breaches an established tolerance level, network and security managers are alerted. For example, when a Web server that has been using only port 80 suddenly opens an FTP session, you’ll want to know about it.
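A minimal illustration of the baseline-and-tolerance idea, added here and not code from the article or from Lancope: it profiles a constructed Web server from four days of NetFlow-style records and then flags the FTP session described above. The record layout, the addresses and the tolerance of mean plus three standard deviations are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (day, server_host, server_port, bytes), the fields an
# NBA collector would keep from NetFlow/sFlow for the server side of each flow.
BASELINE_FLOWS = [
    (day, "10.0.0.5", 80, nbytes)              # web server, four normal days
    for day, nbytes in enumerate([2_000_000, 2_200_000, 1_900_000, 2_100_000])
]
FTP_DAY = [(4, "10.0.0.5", 80, 2_100_000),     # normal web traffic ...
           (4, "10.0.0.5", 21, 500)]           # ... plus an FTP session never offered before

def build_baseline(flows):
    """Profile each host: the ports it serves and mean/stdev of its daily byte totals."""
    daily = defaultdict(lambda: defaultdict(int))   # host -> day -> bytes
    ports = defaultdict(set)                        # host -> ports offered
    for day, host, port, nbytes in flows:
        daily[host][day] += nbytes
        ports[host].add(port)
    profile = {}
    for host, per_day in daily.items():
        totals = list(per_day.values())
        profile[host] = {"ports": ports[host], "mean": mean(totals), "stdev": pstdev(totals)}
    return profile

def check_day(profile, flows, k=3):
    """Return (host, reason) alerts for one day's flows that breach the baseline.

    Tolerance levels (assumed): a port absent from the host's profile, a host with
    no profile at all, and a daily byte total above mean + k * stdev.
    """
    alerts, totals = [], defaultdict(int)
    for _day, host, port, nbytes in flows:
        totals[host] += nbytes
        base = profile.get(host)
        if base is None:
            alert = (host, "unknown host")
        elif port not in base["ports"]:
            alert = (host, f"new service on port {port}")
        else:
            continue
        if alert not in alerts:          # one alert per host/reason, not per flow
            alerts.append(alert)
    for host, total in totals.items():
        base = profile.get(host)
        if base and total > base["mean"] + k * base["stdev"]:
            alerts.append((host, f"daily bytes {total} exceed tolerance"))
    return alerts
```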

How NBA complements signature-based security technologies and consolidates network traffic monitoring tools
NBA not only strengthens security by filling the gaps left open by signature-based products, but also replaces homegrown, open source and proprietary network traffic monitoring point products. The historical network data and traffic behavioral analysis provide the real-time insight network admins need to spot and correct upcoming service interruptions – before they affect overall network performance.

In fact, intelligence gathered by the NBA enables admins to see the impact of any unexpected network event from anywhere within their network. This information can be customized for the individual responsibilities of each admin.

This cuts the time needed to diagnose and separate security-related events from performance- and architecture-related network events, thereby accelerating network performance capacity planning and streamlining resource management. NBA technology also provides a range of network operation-focused reports, such as the network’s top talkers, interface utilization statistics and visual representations of historical network traffic.

NBA displaces the need for expensive appliances and software agents at remote sites
NBA tools also can help consolidate the deployment of network security and performance-monitoring tools at remote offices. In a large distributed environment, such as a dozen separate sites connected through MPLS, the typical approach is either to deploy software agents to all the hosts at those remote sites or to deploy IDS/IPS sensors at each location.

By deploying IDS/IPS and related security applications at the core data centers and enabling NBA at the remote sites, there’s little need to deploy expensive appliances and software-based agents at each remote location.

How you decide to use NBA is limited only by your needs and imagination.


Adam Powers is CTO of Lancope.

