Adaptive and Behavioral Approach to New Threats
by Scott Paly - CEO of Global DataGuard, Inc. - Monday, 13 December 2004.
To meet the dynamic needs of today’s networks, a new generation of technology has now added a sophisticated adaptive capability to the science of behavioral intrusion detection.

These adaptive solutions collect data from host-based and network-based intrusion detection (ID) devices on an ongoing basis, and then constantly analyze and correlate that information to create a continually evolving – and thus always current – behavioral profile of the network. This predictive and adaptive approach essentially creates a custom security system for every organization, and provides optimum protection in an environment where both network traffic and security threats are constantly changing.

By capturing and analyzing raw packet data, versus aggregated log files, over long periods of time, this preventive approach can identify previously unknown threats, covert channel attacks and sophisticated evasion techniques. The enormous volume of historical data is automatically correlated across all customer devices and internet-wide intrusion attempts.

In fact, a true behavioral analysis system handles data in volumes similar to those managed by security information management (SIM) systems, except that behavioral systems correlate and analyze that data based on continually changing learned normal behaviors, rather than through the use of business rules.

Adaptive behavioral ID catches things other systems simply cannot see. It’s a way for network managers to stay one step ahead of the bad guys.

In a true behavioral system, sensors should be deployed not just on the enterprise side of a firewall (where they would identify only those threats that have already breached the wall), but also outside the firewall where all intrusion attempts can be monitored.

You should think of the firewall as a cop, and if you stand behind the cop you see only the things that the cop misses. By putting sensors outside the firewall, you detect and analyze early-stage probes of the network. And those early detections can often thwart future attacks.
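The two ideas above, a baseline that is learned and continually re-learned rather than written as rules, and a sensor in front of the firewall that sees probes the inside sensor never gets, can be shown together in a small simulation. The following is an added example written for this page; it is not code from Global DataGuard or from the article. It assumes a constructed flow record format of (window, source, destination port), a constructed firewall policy that forwards only TCP 80 and 443, and an exponentially weighted moving average (EWMA) as the adaptive profile; the feature it baselines is the number of distinct destination ports one source contacts per time window.

```python
import math
from collections import defaultdict

# Constructed firewall policy: only web ports are forwarded to the inside sensor.
ALLOWED_PORTS = {80, 443}


class EwmaProfile:
    """Running mean/variance of one feature, updated exponentially so old
    behaviour fades out and the baseline tracks the network as it changes."""

    def __init__(self, alpha=0.2):
        self.alpha = alpha
        self.mean = 0.0
        self.var = 0.0
        self.samples = 0

    def update(self, value):
        if self.samples == 0:
            self.mean = float(value)
        else:
            diff = value - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.samples += 1

    def zscore(self, value, std_floor=0.5):
        # A floor on the standard deviation keeps a perfectly regular history
        # from turning every tiny change into an alert.
        std = max(math.sqrt(self.var), std_floor)
        return (value - self.mean) / std


class BehavioralDetector:
    """Per-sensor adaptive baseline of 'distinct destination ports contacted by
    one source in one window'. There are no signatures and no business rules:
    an alert is simply a value far outside learned normal behaviour."""

    def __init__(self, alpha=0.2, warmup=4, threshold=4.0):
        self.profiles = defaultdict(lambda: EwmaProfile(alpha))
        self.warmup = warmup        # samples to learn before alerting at all
        self.threshold = threshold  # z-score above which a value is anomalous

    def process_window(self, sensor, window, flows):
        """flows: iterable of (src, dport) seen by `sensor` in this window.
        Returns a list of (sensor, window, src, distinct_ports, z) alerts."""
        ports_by_src = defaultdict(set)
        for src, dport in flows:
            ports_by_src[src].add(dport)
        profile = self.profiles[sensor]
        alerts = []
        for src, ports in ports_by_src.items():
            value = len(ports)
            if profile.samples >= self.warmup:
                z = profile.zscore(value)
                if z > self.threshold:
                    alerts.append((sensor, window, src, value, round(z, 1)))
                    continue  # anomalies must not teach the baseline
            profile.update(value)
        return alerts


def build_records():
    """Constructed traffic as seen in front of the firewall: five quiet windows
    of web traffic from two hosts, then a 20-port sweep from a new host."""
    records = []
    for w in range(5):
        for src in ("203.0.113.5", "203.0.113.6"):
            records += [(w, src, 80), (w, src, 443)]
    records += [(5, "203.0.113.5", 80), (5, "203.0.113.5", 443)]
    records += [(5, "198.51.100.7", p) for p in range(20, 40)]
    records += [(5, "198.51.100.7", 80)]
    return records


def run(records=None):
    """Feed the same traffic to an outside and an inside sensor; the inside
    sensor only receives what the firewall forwards."""
    records = records or build_records()
    det = BehavioralDetector()
    alerts = {"outside": [], "inside": []}
    for w in sorted({w for w, _, _ in records}):
        outside = [(s, p) for ww, s, p in records if ww == w]
        inside = [(s, p) for s, p in outside if p in ALLOWED_PORTS]
        alerts["outside"] += det.process_window("outside", w, outside)
        alerts["inside"] += det.process_window("inside", w, inside)
    return alerts


if __name__ == "__main__":
    for sensor, found in run().items():
        print(sensor, found)
```

Run as a script, the outside sensor raises one alert in window 5 for 198.51.100.7 (21 distinct ports against a learned norm of 2), while the inside sensor, which only ever saw that host's single permitted connection to port 80, reports nothing. Two design choices are worth noting: the baseline keeps adapting to traffic it judges normal, so a gradual shift in legitimate behaviour does not become a permanent false positive, but samples that trigger an alert are excluded from the update so the profile cannot be quietly retrained by the very activity it is meant to catch.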

“Network security is best viewed as a process, and that process must be managed,” says Stute. “There are people out there who are constantly working to compromise your network, so you must work constantly to protect it.”
