Denys Rudyi - Fotolia
IT managers have mined network traffic data for decades to improve bandwidth and enterprise performance. But, more recently, a new class of tools has emerged that aims to help enterprises tap network traffic analytics to better secure their networks by understanding network activity. These tools apply machine learning, heuristics and other techniques to evaluate collected packet data to try to identify malicious traffic that would normally go unnoticed.
Aggregated packet data collected from sensors can provide a clearer window into what's happening across the network in near real time. Network traffic analytics tools assess traffic and flow data, constructing a baseline of normal traffic patterns. These tools employ machine learning and advanced analytics to identify and alert IT of potentially harmful anomalies that stray from the norm.
Network traffic analytics tools yield intelligence that gives IT administrators considerable visibility into east-west network activity by parsing flow and traffic data culled from network sensors. These tools can also examine north-south traffic as it traverses the perimeter.
With significant advances in monitoring and analytics, network traffic analytics tools provide a complete perspective on activity from Layer 2 to 7 to reveal which devices are communicating with one another and the volume and content of their communications. Some of these tools can establish behavior patterns associated with encrypted traffic without having to actually decode that traffic.
The current focus of network traffic analytics technology is threat identification in real time, not forensic analysis. When used with complementary threat management services, such as endpoint security tools, network traffic analytics can provide an even richer perspective on activity and help expedite a response.
Network traffic analytics can also integrate with incident-response services to mitigate the threat when there's a high degree of confidence in the alert by isolating a compromised device from the network. While many organizations are reluctant to move toward an automated response capability once an alert is received, some are more willing to mechanize intermediate steps or enact security controls -- such as blocking certain domains -- that are potentially less disruptive than taking a system offline.
Dig Deeper on Network management software and network analytics
Related Q&A from Amy Larsen DeCarlo
Legacy network monitoring and new analytics tools don't often mix. One workaround is APIs, but a better option is to upgrade older management ... Continue Reading
Many IT teams deal with a bevy of network management tools, which complicates data integration and leads to errors. A network management strategy ... Continue Reading
With help from telecom providers and connectivity, hybrid cloud networking enables organizations to add network capacity by tapping into public cloud... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.