network behavior anomaly detection

Network behavior anomaly detection (NBAD) is the continuous monitoring of a proprietary network for unusual events or trends. NBAD is an integral part of network behavior analysis (NBA), which offers security in addition to that provided by traditional anti-threat applications such as firewalls, antivirus software and spyware-detection software.

An NBAD program tracks critical network characteristics in real time and generates an alarm if a strange event or trend is detected that could indicate the presence of a threat. Large-scale examples of such characteristics include traffic volume, bandwidth use and protocol use.

An NBAD program can also monitor the behavior of individual network subscribers. In order for NBAD to be optimally effective, a baseline of normal network or user behavior must be established over a period of time. Once certain parameters have been defined as normal, any departure from one or more of them is flagged as anomalous.

NBAD should be used in addition to conventional firewalls and applications for the detection of malware. Some vendors have begun to recognize this fact by including NBA/NBAD programs as integral parts of their network security packages.

Read more about network behavior anomaly detection: - Security Focus outlines the basics of anomaly detection. - Lancope offers an NBA/NBAD solution called StealthWatch. - SearchNetworking.com provides links to NBA/NBAD-related white papers and vendor information.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Is centralized logging worth all the effort? Network log records play an extremely important role in any well-constructed security program. Expert Mike Chapple explains how to implement a... How will the centralized logging of network flow data benefit an enterprise? Network security expert Mike Chapple strongly recommends network flow logging as part of a well-rounded security program. There are two common... Can reputation services be applied to network security? Reputation scores can be used to block spam, but can these services be applied to the security of the network? In this expert Q&A, Mike Chapple...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary network behavior analysis  (SearchSecurity.com) Network behavior analysis (NBA) is a method of enhancing the security of a proprietary network by monitoring traffic and noting unusual actions or... nonce  (SearchSecurity.com)