These adaptive solutions collect data from host and network ID devices on an ongoing basis, and then constantly analyze and correlate that information to create a continually evolving – and thus always current – behavioral profile of the network. This predictive and adaptive approach essentially creates a custom security system for every organization, and provides optimum protection in an environment where both network traffic and security threats are constantly changing.
By capturing and analyzing raw packet data, versus aggregated log files, over long periods of time, this preventive approach can identify previously unknown threats, covert channel attacks and sophisticated evasion techniques. The enormous volume of historical data is automatically correlated across all customer devices and internet-wide intrusion attempts.
In fact, a true behavioral analysis system handles data in volumes similar to those managed by security information management (SIM) systems, except that behavioral systems correlate and analyze that data based on continually changing learned normal behaviors, rather than through the use of business rules.
Adaptive behavioral ID catches things other systems simply cannot see. It’s a way for network managers to stay one step ahead of the bad guys.
In a true behavioral system, sensors should be deployed not just on the enterprise side of a firewall (where they would identify only those threats that have already breached the wall), but also outside the firewall where all intrusion attempts can be monitored.
You should think of the firewall as a cop, and if you stand behind the cop you see only the things that the cop misses. By putting sensors outside the firewall, you detect and analyze early-stage probes of the network. And those early detections can often thwart future attacks.
“Network security is best viewed as a process, and that process must be managed,” says Stute. “There are people out there who are constantly working to compromise your network, so you must work constantly to protect it.”