Technology: Network Behavior Analysis

 

Network security has historically focused on the perimeter, protecting against external threats. Today, however, more than 70% of attacks come from the internal network, so new approaches are required. Network traffic monitoring is becoming a necessary part of every computer network, and anomaly detection systems are becoming increasingly common.

According to analysts' research and recommendations, organizations should deploy not only a firewall and an intrusion prevention system (IPS) but, as a next step, also an anomaly detection system based on network traffic monitoring. These systems are often called NBA/NBAD (Network Behavior Analysis, Network Behavior Anomaly Detection), and they monitor the network for unusual behavior, events or trends. NBA systems can detect threats against which other security tools are ineffective – for example purpose-written malware, viruses and botnets not detected by antivirus software, social engineering and other threats associated with internal network users.

 


» An example of a Network Behavior Detection system is our Anomaly Detector.

 

A Network Behavior Analysis system detects network attacks, anomalies, advanced threats and undesirable behavior through continuous automatic evaluation and analysis of network traffic statistics (NetFlow/IPFIX) generated by NetFlow Probes, active devices (switches, routers) or other tools (e.g. a firewall). The goal of a Network Behavior Analysis system is to identify security issues and operational problems and to enhance network security. Its main advantage over regular intrusion detection and prevention systems is its focus on the overall behavior of the devices on your network, which allows you to respond to unknown or specific threats for which no signature is available.
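As an added illustration (not code from the original page and not the algorithm of any particular product), the Python below shows signature-free detection over flow statistics: it builds a per-host baseline of distinct peers per interval and flags a host that deviates from its own history. The flow tuple layout, the addresses, the threshold and the function names are assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

def make_sample_flows():
    """Constructed flow records (interval, src, dst, dst_port, bytes); not real traffic."""
    flows = []
    for t in range(5):  # intervals 0-4: normal behavior
        for d in range(3 + t % 2):
            flows.append((t, "10.0.0.5", f"192.0.2.{d + 1}", 443, 1200))
        for d in range(2):
            flows.append((t, "10.0.0.9", f"192.0.2.{d + 10}", 53, 90))
    for d in range(3):  # interval 5: 10.0.0.5 behaves as usual
        flows.append((5, "10.0.0.5", f"192.0.2.{d + 1}", 443, 1200))
    for d in range(40):  # interval 5: 10.0.0.9 fans out to 40 internal hosts
        flows.append((5, "10.0.0.9", f"10.0.1.{d + 1}", 445, 60))
    return flows

def peers_per_interval(flows):
    """Per source host, count distinct destinations in each interval."""
    seen = defaultdict(set)
    for interval, src, dst, _port, _nbytes in flows:
        seen[(src, interval)].add(dst)
    profile = defaultdict(dict)
    for (src, interval), peers in seen.items():
        profile[src][interval] = len(peers)
    return profile

def detect_anomalies(flows, current, threshold=3.0, min_history=3):
    """Flag hosts whose peer count in `current` deviates from their own baseline."""
    alerts = []
    for src, counts in sorted(peers_per_interval(flows).items()):
        history = [n for t, n in counts.items() if t < current]
        if len(history) < min_history:
            continue  # too little history to call anything unusual
        mu = mean(history)
        sigma = max(pstdev(history), 1.0)  # floor avoids division by zero on flat baselines
        observed = counts.get(current, 0)
        score = (observed - mu) / sigma
        if score > threshold:
            alerts.append((src, observed, mu, round(score, 1)))
    return alerts

if __name__ == "__main__":
    for src, observed, mu, score in detect_anomalies(make_sample_flows(), current=5):
        print(f"{src}: {observed} distinct peers vs baseline {mu} (score {score})")
```

No signature or payload inspection is involved: the alert comes only from the host's own flow history, which is why small day-to-day variation (10.0.0.5 alternating between 3 and 4 peers) stays below the threshold.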