This article can also be found in the Premium Editorial Download "Information Security magazine: Betting the house on network anomaly detection systems."
Marketplace
The following is a representative list of pure-play network anomaly detection systems vendors and products.

Arbor Networks - www.arbornetworks.com
Peakflow monitors network traffic for deviations in load, providing insight into changes in network behavior.

Captus Networks - www.captusnetworks.com
Captus IPS 4000 series is a combined solution for network management and security, which prevents DDoS attacks, port scans, unknown worms and unsanctioned traffic.

Lancope - www.lancope.com
StealthWatch provides enterprises with a hybrid anomaly detection and response system that bases its actions on behavior deviations and protocol analysis.

Mazu Networks - www.mazunetworks.com
Its two products, Profiler and Enforcer, work in concert to monitor for deviations and automatically respond to threats.

Q1 Labs - www.q1labs.com
QRadar provides security managers with a continuous analysis of network traffic flow, giving real-time analysis of traffic type and bandwidth consumption.

Narus - www.narus.com
Born as a network management company, Narus provides anomaly detection products and technology to carriers.

netZentry - www.netzentry.com
Its FloodGuard technology provides enterprises with non-signature-based defenses against DDoS attacks, botnets and SYN floods.
Place a Small Bet on NADS
NAD devices are powerful knowledge tools for expert network operations people with
enterprise-specific contextual knowledge. These systems can help enterprises learn about the
traffic and behavior of their network. Even though they can catch detailed events, such as a new
service opening up, a new protocol appearing or a new machine connecting to the network, these
events are too common to have value in larger enterprises. NADS shine where obvious behaviors,
such as a worm-infected machine spewing attack traffic or a DoS attack, are under way. The value
these systems offer for addressing more subtle behavior depends on the knowledge and
experience of the operator. Under the right circumstances, NADS provide a wealth of network
behavior information (protocols, ports, services, throughput, latency, etc.) that can be used to
understand what's really going on in your network.
While network operations and security experts may find this cornucopia of network information empowering, it may be overwhelming to a person without the context and tribal knowledge of the enterprise-specific network infrastructure.
This was first published in July 2005