maxkabakov - Fotolia
In today's hyperconnected digital environment, the network is both a conduit for malicious traffic and a rich source of security intelligence. Armed with the right set of monitoring and analytics tools, IT managers can mine the network for data that can reveal threats in advance of a breach. Network security analytics tools can also provide valuable forensic data that IT teams can apply to uncover breaches and make changes to improve their overall security posture.
The network itself is an excellent resource for security data. To a large degree, the network is equipped to capture traffic data, aided by instrumentation designed to collect telemetry information that can expose potentially harmful activity.
While traditional network analytics concentrates on culling traffic data for performance optimization and diagnostic purposes -- such as identifying bottlenecks and other service quality issues -- network security analytics looks for anomalous patterns indicative of potential threats or breaches.
For example, network security analytics might detect an exfiltration attempt. Used in conjunction with threat management and incident response software, security analytics can flag suspicious traffic so it can be segmented or otherwise contained to mitigate damage.
Using new technologies to beef up capabilities
Several vendors -- including Cisco, FireEye, IBM and Symantec -- offer network security analytics tools that use various techniques to support both real-time threat identification and forensics. Using methodologies such as behavioral modeling and machine learning, network security analytics can spot activity that diverges from the norm, such as flagging encrypted traffic coming through nonstandard ports.
Increasingly, network analytics tools beef up analysis by relying on automation, enabling them to compare traffic data against known web, application and file-based threats. Network security analytics can alert IT professionals about possible issues. If a threat is indicated, network analytics software can sandbox traffic for further analysis and possible detonation. If, after further inspection, the traffic is deemed safe, it can be forwarded back to the network.
Dig Deeper on Network security
Related Q&A from Amy Larsen DeCarlo
Network reliability is how long infrastructure works without disruption. Network availability is the percentage of time infrastructure operates in a ... Continue Reading
Enterprises need to ensure network service-level agreements provide a comprehensive view of network service performance to support business ... Continue Reading
The rise of distributed networks, mobile devices and cyber threats has spurred the ongoing convergence of network management and network security ... Continue Reading