Denys Rudyi - Fotolia
IT managers have mined network traffic data for decades to improve bandwidth and enterprise performance. But, more recently, a new class of tools has emerged that aims to help enterprises tap network traffic analytics to better secure their networks by understanding network activity. These tools apply machine learning, heuristics and other techniques to evaluate collected packet data to try to identify malicious traffic that would normally go unnoticed.
Aggregated packet data collected from sensors can provide a clearer window into what's happening across the network in near real time. Network traffic analytics tools assess traffic and flow data, constructing a baseline of normal traffic patterns. These tools employ machine learning and advanced analytics to identify and alert IT of potentially harmful anomalies that stray from the norm.
Network traffic analytics tools yield intelligence that gives IT administrators considerable visibility into east-west network activity by parsing flow and traffic data culled from network sensors. These tools can also examine north-south traffic as it traverses the perimeter.
With significant advances in monitoring and analytics, network traffic analytics tools provide a complete perspective on activity from Layer 2 to 7 to reveal which devices are communicating with one another and the volume and content of their communications. Some of these tools can establish behavior patterns associated with encrypted traffic without having to actually decode that traffic.
The current focus of network traffic analytics technology is threat identification in real time, not forensic analysis. When used with complementary threat management services, such as endpoint security tools, network traffic analytics can provide an even richer perspective on activity and help expedite a response.
Network traffic analytics can also integrate with incident-response services to mitigate the threat when there's a high degree of confidence in the alert by isolating a compromised device from the network. While many organizations are reluctant to move toward an automated response capability once an alert is received, some are more willing to mechanize intermediate steps or enact security controls -- such as blocking certain domains -- that are potentially less disruptive than taking a system offline.
Dig Deeper on Network management software and network analytics
Related Q&A from Amy Larsen DeCarlo
As they monitor and filter network traffic, some firewalls can provide some pretty advanced security controls. But added packet inspection can slow ... Continue Reading
As hybrid cloud adoption ramps up, businesses should consider hybrid cloud monitoring tools that provide network performance insight across the ... Continue Reading
They're usually free and customizable, but can lack customer support. Take a look at the best and worst features of open source network monitoring ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.