Denys Rudyi - Fotolia

Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What is network traffic analytics and how does it enhance security?

Network traffic analysis has evolved to incorporate machine learning techniques that help identify network security threats in real time and expedite a response.

IT managers have mined network traffic data for decades to improve bandwidth and enterprise performance. But, more recently, a new class of tools has emerged that aims to help enterprises tap network traffic analytics to better secure their networks by understanding network activity. These tools apply machine learning, heuristics and other techniques to evaluate collected packet data to try to identify malicious traffic that would normally go unnoticed.

Aggregated packet data collected from sensors can provide a clearer window into what's happening across the network in near real time. Network traffic analytics tools assess traffic and flow data, constructing a baseline of normal traffic patterns. These tools employ machine learning and advanced analytics to identify and alert IT of potentially harmful anomalies that stray from the norm.

Network traffic analytics tools yield intelligence that gives IT administrators considerable visibility into east-west network activity by parsing flow and traffic data culled from network sensors. These tools can also examine north-south traffic as it traverses the perimeter.

With significant advances in monitoring and analytics, network traffic analytics tools provide a complete perspective on activity from Layer 2 to 7 to reveal which devices are communicating with one another and the volume and content of their communications. Some of these tools can establish behavior patterns associated with encrypted traffic without having to actually decode that traffic.

The current focus of network traffic analytics technology is threat identification in real time, not forensic analysis.

The current focus of network traffic analytics technology is threat identification in real time, not forensic analysis. When used with complementary threat management services, such as endpoint security tools, network traffic analytics can provide an even richer perspective on activity and help expedite a response.

Network traffic analytics can also integrate with incident-response services to mitigate the threat when there's a high degree of confidence in the alert by isolating a compromised device from the network. While many organizations are reluctant to move toward an automated response capability once an alert is received, some are more willing to mechanize intermediate steps or enact security controls -- such as blocking certain domains -- that are potentially less disruptive than taking a system offline.

This was last published in May 2019

Dig Deeper on Network management software and network analytics

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

How could you implement network traffic analysis to improve network security?
Cancel

-ADS BY GOOGLE

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchITChannel

Close