Adaptive and Behavioral Approach to New Threats
by Scott Paly - CEO of Global DataGuard, Inc. - Monday, 13 December 2004.
To meet the dynamic needs of today’s networks, a new generation of technology has added a sophisticated adaptive capability to the science of behavioral intrusion detection (ID).

These adaptive solutions collect data from host-based and network-based ID devices on an ongoing basis, then constantly analyze and correlate that information to create a continually evolving – and thus always current – behavioral profile of the network. This predictive and adaptive approach essentially creates a custom security system for every organization, and provides optimum protection in an environment where both network traffic and security threats are constantly changing.

By capturing and analyzing raw packet data, rather than aggregated log files, over long periods of time, this preventive approach can identify previously unknown threats, covert channel attacks and sophisticated evasion techniques. The enormous volume of historical data is automatically correlated across all customer devices and internet-wide intrusion attempts.

In fact, a true behavioral analysis system handles data in volumes similar to those managed by security information management (SIM) systems, except that behavioral systems correlate and analyze that data based on continually changing learned normal behaviors, rather than through the use of business rules.

Adaptive behavioral ID catches things other systems simply cannot see. It’s a way for network managers to stay one step ahead of the bad guys.
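The contrast the article draws, a learned and continually updated per-host baseline versus a fixed business rule, can be shown in a few dozen lines. The following is an added example written for this page, not code from Global DataGuard or any product it describes; it assumes an exponentially weighted moving average (EWMA) of mean and variance as the "learned normal behavior", a short learning phase per host, and a constructed data set of distinct-peer counts per five-minute window for two hosts (a busy file server and a quiet workstation). The adaptive detector keeps updating its baseline from windows it judges normal, so it follows slow drift in traffic while still catching an abrupt change.

```python
"""Adaptive per-host baseline versus a static threshold (added example, not vendor code)."""
from collections import defaultdict
from dataclasses import dataclass, field
import math

# Constructed sample data: (window number, source host, distinct destination hosts
# contacted in that five-minute window). Not captured from a real network.
FILESERVER = [190, 210, 205, 195, 200, 215, 198, 205, 210, 200, 195, 208]
WORKSTATION = [4, 6, 5, 5, 4, 6, 5, 5, 4, 60, 5, 6]   # window 10 fans out abruptly
SAMPLE_WINDOWS = []
for window, (fs, ws) in enumerate(zip(FILESERVER, WORKSTATION), start=1):
    SAMPLE_WINDOWS.append((window, "fileserver", fs))
    SAMPLE_WINDOWS.append((window, "workstation-7", ws))


@dataclass
class HostBaseline:
    """Learned normal behaviour for one host: EWMA mean and variance."""
    mean: float = 0.0
    var: float = 0.0
    samples: int = 0
    history: list = field(default_factory=list)   # only used during learning


class AdaptiveDetector:
    """Flags a window when the host's value exceeds its own learned baseline.

    alpha       EWMA weight: larger values adapt faster to drift.
    warmup      number of windows used to seed each host's mean/variance.
    z_threshold one-sided z-score above which a window is anomalous.
    std_floor   lower bound on the std-dev so a very steady host is not
                flagged on trivial jitter.
    """

    def __init__(self, alpha=0.2, warmup=4, z_threshold=4.0, std_floor=1.0):
        self.alpha, self.warmup = alpha, warmup
        self.z_threshold, self.std_floor = z_threshold, std_floor
        self.baselines = defaultdict(HostBaseline)

    def observe(self, host, value):
        b = self.baselines[host]
        if b.samples < self.warmup:
            # Learning phase: collect values, then seed the baseline from them.
            b.history.append(value)
            b.samples += 1
            if b.samples == self.warmup:
                b.mean = sum(b.history) / len(b.history)
                b.var = sum((v - b.mean) ** 2 for v in b.history) / len(b.history)
            return False
        std = math.sqrt(max(b.var, self.std_floor))
        z = (value - b.mean) / std
        anomalous = z > self.z_threshold
        if not anomalous:
            # Baseline keeps evolving from normal windows only, so an attack
            # burst is not absorbed into "normal" (the profile is always current).
            diff = value - b.mean
            b.mean += self.alpha * diff
            b.var = (1 - self.alpha) * (b.var + self.alpha * diff * diff)
        return anomalous


def static_rule(value, limit=100):
    """The business-rule approach: one fixed threshold for every host."""
    return value > limit


def run_detectors(records):
    """Return alerts produced by both approaches over the same records."""
    adaptive = AdaptiveDetector()
    alerts = {"adaptive": [], "static": []}
    for window, host, value in records:
        if adaptive.observe(host, value):
            alerts["adaptive"].append((window, host, value))
        if static_rule(value):
            alerts["static"].append((window, host, value))
    return alerts


if __name__ == "__main__":
    result = run_detectors(SAMPLE_WINDOWS)
    print("adaptive:", result["adaptive"])       # only the workstation's window 10
    print("static  :", result["static"])         # fires on every file-server window
```

On this data the static rule alarms on the busy file server in every window and never notices the workstation, whose fan-out never crosses the fixed limit; the adaptive detector stays quiet on the file server, because 200 peers is that host's learned normal, and raises exactly one alert for the workstation's sudden jump. The one-sided z-score and the rule of updating the baseline only from windows judged normal are design choices for this example; a production system would also have to handle hosts that are anomalous from their first window and decide how quickly a confirmed change of role should be absorbed into the profile.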

In a true behavioral system, sensors should be deployed not just on the enterprise side of a firewall (where they would identify only those threats that have already breached the wall), but also outside the firewall, where all intrusion attempts can be monitored.

You should think of the firewall as a cop, and if you stand behind the cop you see only the things that the cop misses. By putting sensors outside the firewall, you detect and analyze early-stage probes of the network. And those early detections can often thwart future attacks.

“Network security is best viewed as a process, and that process must be managed,” says Stute. “There are people out there who are constantly working to compromise your network, so you must work constantly to protect it.”
