In today's hyperconnected digital environment, the network is both a conduit for malicious traffic and a rich source of security intelligence. Armed with the right set of monitoring and analytics tools, IT managers can mine the network for data that can reveal threats in advance of a breach. Network security analytics tools can also provide valuable forensic data that IT teams can apply to uncover breaches and make changes to improve their overall security posture.
The network itself is an excellent resource for security data. To a large degree, the network is already equipped to capture traffic data, and its instrumentation collects telemetry that can expose potentially harmful activity.
While traditional network analytics concentrates on culling traffic data for performance optimization and diagnostic purposes -- such as identifying bottlenecks and other service quality issues -- network security analytics looks for anomalous patterns indicative of potential threats or breaches.
For example, network security analytics might detect an exfiltration attempt. Used in conjunction with threat management and incident response software, security analytics can flag suspicious traffic so it can be segmented or otherwise contained to mitigate damage.
Using new technologies to beef up capabilities
Several vendors -- including Cisco, FireEye, IBM and Symantec -- offer network security analytics tools that use various techniques to support both real-time threat identification and forensics. Using methodologies such as behavioral modeling and machine learning, network security analytics can spot activity that diverges from the norm -- for example, encrypted traffic arriving on nonstandard ports.
Increasingly, network analytics tools beef up analysis by relying on automation, enabling them to compare traffic data against known web, application and file-based threats. Network security analytics can alert IT professionals about possible issues. If a threat is indicated, network analytics software can sandbox traffic for further analysis and possible detonation. If, after further inspection, the traffic is deemed safe, it can be forwarded back to the network.
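The two detections mentioned above, a behavioral rule for encrypted traffic on nonstandard ports and a per-host baseline that would surface the exfiltration attempt described earlier, reduce to a few lines of logic once flow telemetry is available. The following is an added example written for this page; it is not code from the article or from any of the vendors named. The flow records, byte counts, payload bytes, the four-day baseline and the list of ports where TLS is expected are all constructed, and the TLS detection looks only at the first record bytes of the flow:

```python
"""Added example: two simple network security analytics checks run over
constructed flow records.

1. Behavioral rule: a TLS handshake seen on a port where TLS is not expected.
2. Per-host outbound-volume baseline check, the kind of anomaly that would
   surface an exfiltration attempt.
All hosts, ports, byte counts, payload bytes and history are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Ports on which TLS is expected in this (hypothetical) environment.
EXPECTED_TLS_PORTS = {443, 465, 636, 853, 993, 995, 8443}

# Constructed NetFlow-style records; "payload" is the first bytes the sensor
# captured from the client side of the flow.
FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443,  "bytes_out": 12_000,
     "payload": b"\x16\x03\x01\x02\x00\x01"},
    {"src": "10.0.0.5", "dst": "203.0.113.11", "dport": 80,   "bytes_out": 8_000,
     "payload": b"GET / HTTP/1.1\r\n"},
    {"src": "10.0.0.7", "dst": "198.51.100.9", "dport": 8081, "bytes_out": 15_000,
     "payload": b"\x16\x03\x03\x00\xc8\x01"},
    {"src": "10.0.0.8", "dst": "192.0.2.44",   "dport": 443,  "bytes_out": 9_500,
     "payload": b"\x16\x03\x01\x01\x00\x01"},
    {"src": "10.0.0.9", "dst": "192.0.2.77",   "dport": 443,  "bytes_out": 950_000_000,
     "payload": b"\x16\x03\x03\x00\xf4\x01"},
]

# Constructed per-host history: total outbound bytes on each of the last four days.
BASELINE = {
    "10.0.0.5": [20_000, 22_000, 19_500, 21_000],
    "10.0.0.7": [14_000, 16_000, 15_500, 15_000],
    "10.0.0.8": [9_000, 10_000, 9_500, 9_800],
    "10.0.0.9": [30_000, 32_000, 31_000, 29_000],
}


def is_tls_client_hello(payload: bytes) -> bool:
    """A TLS record starts with content type 0x16 (handshake) and major
    version 0x03; the handshake message type at offset 5 is 0x01 for ClientHello."""
    return (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01)


def tls_on_nonstandard_ports(flows):
    """Flows carrying a TLS ClientHello toward a port outside EXPECTED_TLS_PORTS."""
    return [f for f in flows
            if is_tls_client_hello(f["payload"]) and f["dport"] not in EXPECTED_TLS_PORTS]


def outbound_volume_outliers(flows, baseline, z_threshold=3.0):
    """Sum outbound bytes per source host and compare with that host's history.

    Returns (host, z_score) for hosts whose current total exceeds the historic
    mean by more than z_threshold standard deviations. Hosts with no history
    are reported with z_score None so they are not silently dropped.
    """
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes_out"]

    flagged = []
    for host, current in sorted(totals.items()):
        history = baseline.get(host)
        if not history:
            flagged.append((host, None))
            continue
        mu, sigma = mean(history), pstdev(history)
        # A flat history (sigma == 0) would divide by zero; treat any increase as anomalous.
        if sigma == 0:
            if current > mu:
                flagged.append((host, float("inf")))
            continue
        z = (current - mu) / sigma
        if z > z_threshold:
            flagged.append((host, z))
    return flagged


def triage(flows=FLOWS, baseline=BASELINE):
    """Produce the alert lines an analytics tool would hand to an analyst."""
    alerts = []
    for f in tls_on_nonstandard_ports(flows):
        alerts.append(f"TLS on nonstandard port: {f['src']} -> {f['dst']}:{f['dport']}")
    for host, z in outbound_volume_outliers(flows, baseline):
        detail = "no baseline" if z is None else f"z={z:.1f}"
        alerts.append(f"Outbound volume anomaly: {host} ({detail})")
    return alerts


if __name__ == "__main__":
    for line in triage():
        print(line)
```

Run as a script it prints two alerts: the TLS handshake sent to port 8081 from 10.0.0.7, and the outbound volume spike from 10.0.0.9. The volume check is deliberately one-sided (only increases are flagged) and reports hosts without a baseline separately rather than ignoring them, since a newly appearing host is itself worth an analyst's look; in practice the port allow-list and the z threshold are the knobs that trade false positives against missed events.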
Related Q&A from Amy Larsen DeCarlo