
Can behavioral detection improve enterprise network security?

Expert Kevin Beaver explains how behavioral detection and traffic analysis help combat advanced malware, as well as whether they offer more effective enterprise protection than perimeter security.

I heard about a new security technology that leverages multifunction, multi-session behavioral detection and traffic analysis to improve network security. How is this type of technology different from traditional perimeter security, and is it something enterprises should consider implementing?

The Metaflows Security System (MSS), by Metaflows Inc., is designed to combat advanced malware in that it "detects and prevents cyberthreats using multiple collaborative intelligence sources at once, rather than using a traditional single-source, proprietary intelligence feed," according to the company's website. In essence, it looks for multiple characteristics of network hosts that could indicate an infection or related anomaly.

I'm not a product expert on every offering in the advanced malware space; however, I do know that certain technologies already in existence offer similar features. These include:

However, Metaflows is different from these technologies as it uses what it refers to as "Multiple Session Correlation" to analyze what's mapped and scored against a malware infection lifecycle model to help confirm what is actually taking place and limit false positives.

Technologies such as MSS are wonderful because of how they leverage multiple technologies to look at the bigger picture. Such tools should certainly be part of the security controls of any enterprise network -- especially those on the larger end where complexity and lack of visibility prove to be challenging.

It's hard to argue against the reality of advanced malware attacks and the trouble they can bring to any sized business. If MSS and other similar technologies mean that organizations can move away from traditional antimalware and perimeter protection and towards more reasonable security controls, I'm all for them.
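The general idea behind correlating multiple sessions against an infection lifecycle, shown as an added Python illustration that is not Metaflows' algorithm or code from the original article: a host is flagged only when distinct sessions inside one time window cover several lifecycle stages. The stage names, weights, window, threshold and sample events are all assumptions constructed for this sketch.

```python
from collections import defaultdict

# Assumed lifecycle stages and weights (illustrative only, not a vendor model).
STAGES = {"inbound_exploit": 2, "binary_download": 3, "c2_checkin": 4, "outbound_scan": 3}
WINDOW = 3600      # seconds in which sessions are considered related
THRESHOLD = 7      # minimum combined stage score to flag a host
MIN_STAGES = 2     # minimum number of distinct lifecycle stages

# Constructed sample events: (epoch_seconds, internal_host, session_id, stage)
EVENTS = [
    (100, "10.0.0.5", "s1", "inbound_exploit"),
    (400, "10.0.0.5", "s2", "binary_download"),
    (900, "10.0.0.5", "s3", "c2_checkin"),
    (200, "10.0.0.9", "s4", "outbound_scan"),    # same stage twice, e.g. a scanner
    (250, "10.0.0.9", "s5", "outbound_scan"),
    (100, "10.0.0.7", "s6", "binary_download"),
    (9000, "10.0.0.7", "s7", "c2_checkin"),      # too far apart to correlate
]

def single_event_alerts(events):
    """Baseline: alert on any host with at least one suspicious session."""
    return sorted({host for _, host, _, stage in events if stage in STAGES})

def correlate(events, window=WINDOW, threshold=THRESHOLD, min_stages=MIN_STAGES):
    """Return {host: (score, stages)} for hosts whose sessions in one
    window span enough distinct lifecycle stages to reach the threshold."""
    by_host = defaultdict(list)
    for ts, host, session, stage in events:
        if stage in STAGES:
            by_host[host].append((ts, session, stage))
    flagged = {}
    for host, evs in by_host.items():
        evs.sort()
        best = (0, ())
        for i, (start, _, _) in enumerate(evs):   # window anchored at each event
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            stages = sorted({e[2] for e in in_win})
            sessions = {e[1] for e in in_win}
            score = sum(STAGES[s] for s in stages)  # each stage counts once
            if len(sessions) >= 2 and len(stages) >= min_stages and score > best[0]:
                best = (score, tuple(stages))
        if best[0] >= threshold:
            flagged[host] = best
    return flagged

if __name__ == "__main__":
    print("single-event alerts:", single_event_alerts(EVENTS))
    print("correlated alerts:  ", correlate(EVENTS))
```

On the constructed events, the single-event baseline alerts on all three hosts, while the correlated view flags only the host whose sessions progress through several stages within the window.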

Join the conversation

1 comment

This behavioral detection seems correlation-based. Another behavioral detection approach that holds promise is machine learning-driven behavioral detection that uses the machine data (network, log, SIEM, etc.) to find anomalies, weave them into indicators of compromise, and provide a short-list of high probability threats. There are a few startups playing with this approach.