
How can network security analytics detect and thwart threats?

Network security analytics gives organizations an additional level of protection against malicious attacks. It works closely with network analytics tools.

In today's hyperconnected digital environment, the network is both a conduit for malicious traffic and a rich source of security intelligence. Armed with the right set of monitoring and analytics tools, IT managers can mine the network for data that can reveal threats in advance of a breach. Network security analytics tools can also provide valuable forensic data that IT teams can apply to uncover breaches and make changes to improve their overall security posture.

The network itself is an excellent resource for security data. To a large degree, the network is equipped to capture traffic data, aided by instrumentation designed to collect telemetry information that can expose potentially harmful activity.

While traditional network analytics concentrates on culling traffic data for performance optimization and diagnostic purposes -- such as identifying bottlenecks and other service quality issues -- network security analytics looks for anomalous patterns indicative of potential threats or breaches.

For example, network security analytics might detect an exfiltration attempt. Used in conjunction with threat management and incident response software, security analytics can flag suspicious traffic so it can be segmented or otherwise contained to mitigate damage.

Using new technologies to beef up capabilities

Several vendors -- including Cisco, FireEye, IBM and Symantec -- offer network security analytics tools that use various techniques to support both real-time threat identification and forensics. Using methodologies such as behavioral modeling and machine learning, network security analytics can spot activity that diverges from the norm, such as encrypted traffic coming through nonstandard ports.
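As an added illustration (not taken from the article or from any vendor's product), the following Python example applies the two ideas above to flow records: it flags TLS handshakes on ports outside an expected set, and it flags hosts whose outbound volume in the current hour departs from their own baseline, a simple stand-in for behavioral modeling. The record fields, the port list, the 3.5 threshold and the sample flows are all assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import median

# Assumption: ports where this site expects TLS; adjust to local policy.
EXPECTED_TLS_PORTS = {443, 465, 853, 993, 995, 8443}

def looks_like_tls(payload):
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04

def tls_on_unexpected_port(flows):
    """Flows whose first payload bytes are a TLS handshake on an unexpected port."""
    return [f for f in flows
            if looks_like_tls(f["payload"]) and f["dport"] not in EXPECTED_TLS_PORTS]

def outbound_outliers(flows, current_hour, threshold=3.5, min_history=5):
    """Hosts whose bytes sent in current_hour exceed their own hourly baseline.

    Uses the modified z-score (median and median absolute deviation), which is
    less distorted by past spikes than a mean/standard-deviation baseline.
    """
    per_host = defaultdict(lambda: defaultdict(int))
    for f in flows:
        per_host[f["src"]][f["hour"]] += f["bytes_out"]
    flagged = {}
    for host, hours in per_host.items():
        history = [b for h, b in hours.items() if h < current_hour]
        if len(history) < min_history:
            continue  # not enough history to model this host yet
        med = median(history)
        mad = median(abs(b - med) for b in history) or 1  # guard against MAD == 0
        score = 0.6745 * (hours.get(current_hour, 0) - med) / mad
        if score > threshold:
            flagged[host] = round(score, 1)
    return flagged

def _flow(hour, src, dport, bytes_out, payload=b""):
    return {"hour": hour, "src": src, "dport": dport, "bytes_out": bytes_out, "payload": payload}

HELLO = bytes.fromhex("160301")  # first bytes of a TLS ClientHello record
# Constructed sample data: two hosts with steady HTTPS traffic, then hour 8.
FLOWS = (
    [_flow(h, "10.0.0.5", 443, 40_000 + 1_000 * (h % 3), HELLO) for h in range(8)]
    + [_flow(h, "10.0.0.9", 443, 55_000 + 2_000 * (h % 2), HELLO) for h in range(9)]
    + [_flow(8, "10.0.0.9", 8080, 2_000, b"GET / HTTP/1.1\r\n")]  # plaintext, small
    + [_flow(8, "10.0.0.5", 4444, 900_000, HELLO)]  # TLS, odd port, large upload
)

if __name__ == "__main__":
    print("TLS on unexpected port:", [(f["src"], f["dport"]) for f in tls_on_unexpected_port(FLOWS)])
    print("Outbound volume outliers:", outbound_outliers(FLOWS, current_hour=8))
```

Only the flow from 10.0.0.5 trips both checks; the plaintext flow on port 8080 and the steady HTTPS traffic do not.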

Increasingly, network analytics tools beef up analysis by relying on automation, enabling them to compare traffic data against known web, application and file-based threats. Network security analytics can alert IT professionals about possible issues. If a threat is indicated, network analytics software can sandbox traffic for further analysis and possible detonation. If, after further inspection, the traffic is deemed safe, it can be forwarded back to the network.

This was last published in July 2019
