There’s a difference between what’s usual and what’s unexpected.
Blog originally published by FlowTraq™, authored by Dr. John Murphy
The security guard or the receptionist at your building entrance knows the people who work there and their usual habits. They know delivery schedules and the usual drivers. They know which doors are usually kept closed. And they know all this even though these things change over time. They know when things deviate from the usual, and this knowledge has saved employers from theft, arson, and other loss on countless occasions.
Your network demands the same level of protection. Computers and mobile devices have very predictable patterns of behavior, and those patterns change over time. For instance, web servers serve web content, and printers are used mostly when there are people physically present in the office. Email servers and email clients see predictable volumes at specific times of the day. Protecting a computer network from data theft and data leakage requires knowledge of the usual so you can spot the unusual.
FlowTraq’s NBI toolkit uses powerful Network Behavioral Intelligence technology to learn what is usual in large volumes of traffic. With the Q1/13 release of FlowTraq, a new ‘Threats’ page is available in our Web interface that allows you to quickly manage your NBI security guards: point them at your most sensitive assets, and ensure they keep a watchful eye out for any unusual and undesired activity. It’s easy, and it’s powerful.
Within seconds FlowTraq will be picking up on seemingly innocuous network traffic that deviates from the norm, pointing out DDoS attacks, SYN floods, botnet control connections, and undesired data exfiltrations. Threats are managed through an innovative ‘Anomaly Index’ that shows you at a glance just how unusual the behavior is, and how confident the detector is about that anomaly. This allows you to quickly prioritize alerts and focus your time where it is most needed.