This article can also be found in the Premium Editorial Download "Information Security magazine: Betting the house on network anomaly detection systems."

The following is a representative list of pure-play network anomaly detection systems vendors and products.

Arbor Networks - www.arbornetworks.com

Peakflow monitors network traffic for deviations in load, providing insight into changes in network behavior.

Captus Networks - www.captusnetworks.com

Captus IPS 4000 series is a combined solution for network management and security, which prevents DDoS attacks, port scans, unknown worms and unsanctioned traffic.

Lancope - www.lancope.com

StealthWatch provides enterprises with a hybrid anomaly detection and response system that bases its actions on behavior deviations and protocol analysis.

Mazu Networks - www.mazunetworks.com

Its two products, Profiler and Enforcer, work in concert to monitor for deviations and automatically respond to threats.

Q1 Labs - www.q1labs.com

QRadar provides security managers with a continuous analysis of network traffic flow, giving real-time analysis of traffic type and bandwidth consumption.

Narus - www.narus.com

Born as a network management company, Narus provides anomaly detection products and technology to carriers.

netZentry - www.netzentry.com

Its FloodGuard technology provides enterprises with non-signature-based defenses against DDoS attacks, botnets and SYN floods.

Place a Small Bet on NADS
NAD devices are powerful knowledge tools for expert network operations people with enterprise-specific contextual knowledge. These systems can help enterprises learn about the traffic and behavior of their network. Even though they can catch detailed events, such as a new service opening up, a new protocol appearing or a new machine connecting to the network, these events are too common to have value in larger enterprises. NADS shine where obvious behaviors, such as a worm-infected machine spewing attack traffic or a DoS attack, are under way. The value these systems offer for addressing more subtle behavior depends on the knowledge and experience of the operator. Under the right circumstances, NADS provide a wealth of network behavior information (protocols, ports, services, throughput, latency, etc.) that can be used to understand what's really going on in your network.

While network operations and security experts may find this cornucopia of network information empowering, it may be overwhelming to a person without the context and tribal knowledge of the enterprise-specific network infrastructure.

This was first published in July 2005
