network behavior anomaly detection

Network behavior anomaly detection (NBAD) is the continuous monitoring of a proprietary network for unusual events or trends. NBAD is an integral part of network behavior analysis (NBA), which offers security in addition to that provided by traditional anti-threat applications such as firewalls, antivirus software and spyware-detection software.

An NBAD program tracks critical network characteristics in real time and generates an alarm if a strange event or trend is detected that could indicate the presence of a threat. Large-scale examples of such characteristics include traffic volume, bandwidth use and protocol use.

An NBAD program can also monitor the behavior of individual network subscribers. In order for NBAD to be optimally effective, a baseline of normal network or user behavior must be established over a period of time. Once certain parameters have been defined as normal, any departure from one or more of them is flagged as anomalous.

NBAD should be used in addition to conventional firewalls and applications for the detection of malware. Some vendors have begun to recognize this fact by including NBA/NBAD programs as integral parts of their network security packages.

Read more about network behavior anomaly detection: - Security Focus outlines the basics of anomaly detection. - Lancope offers an NBA/NBAD solution called StealthWatch. - SearchNetworking.com provides links to NBA/NBAD-related white papers and vendor information.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Network Intrusion Detection and Analysis,   Network Behavior Anomaly Detection (NBAD),   Enterprise Network Security,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Trend Micro to acquire Third Brigade for virtualization, cloud security Trend Micro said Third Brigade's technology bolsters its datacenter security strategy by helping its customers protect virtual servers and cloud... Use BotHunter for botnet detection Got bots? Hopefully not, but how can you be sure? Learn about botnet detection with the help of a free tool, BotHunter. Is centralized logging worth all the effort? Network log records play an extremely important role in any well-constructed security program. Expert Mike Chapple explains how to implement a...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary network behavior analysis  (SearchSecurity.com) Network behavior analysis (NBA) is a method of enhancing the security of a proprietary network by monitoring traffic and noting unusual actions or... nonce  (SearchSecurity.com) A nonce, in information technology, is a number generated for a specific use, such as session authentication.