Network behavioural analysis – a systematic, architectural approach to network security – involves deep packet analysis to identify advanced persistent threats (APTs) and zero-day attacks. Similar analytical capabilities are used by the financial and banking sectors to spot fraudulent transactions and card activity. From an IT perspective, the sophisticated cyber attacks that have plagued Apple, Facebook and Microsoft (with the goal of carrying out industrial espionage) have been detected through behavioural analytics.
Cyber attacks continue to evolve, there is no doubt about that, and cybercriminals have become extremely effective at evading traditional detection methods. This is why many forward-thinking organisations are investing in security analytics, which lets IT security departments detect the underlying behaviour of sophisticated attackers that was previously hidden from them. Behavioural analytics also compensates for the limitations of existing security appliances (such as firewalls and intrusion detection systems).
Remember, a complex network is a type of self-organising system. Network behavioural analysis uses a range of techniques to find unusual or altered network activities. These are often indicators of an advanced persistent threat. Businesses will never be able to stop every single hacker at the network perimeter, so it is essential to spot abnormal activities occurring on the network before they develop.
How Does Network Behavioural Analysis Actually Work?
A combination of analytics, big-data collection and review, and machine learning technologies enables advanced security monitoring and threat detection by:
- Continuously analysing and correlating packet data, intrusion detection system/intrusion prevention system alerts, scans, vendor threat intelligence and data feeds
- Using raw packet data rather than log files, as packets contain far more data for analysis
- Analysing data over days, weeks and months to correlate seemingly unrelated events across a range of threat vectors and detect potential threats
- Being geared to an individual network: a behavioural system should become customised to the specific network so it adapts and functions without human intervention
- Taking advantage of “learned intelligence” to measure the escalating hostile activity and behaviour that leads up to a breach
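The list above describes baselining a network over time and flagging deviations from that learned profile. The following is an added example, not code from the original post or from Masergy: it learns a per-host baseline (daily outbound volume and the set of destinations normally contacted) from a training window of flow records and then scores a later day against it, reporting both a volume spike (z-score) and any previously unseen destination. All hostnames, addresses and byte counts are constructed sample data, and the detector is deliberately simple so the mechanism is visible.

```python
"""Per-host behavioural baseline over flow records (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    day: int        # day index within the observation window
    src: str        # internal host name (constructed)
    dst: str        # destination address (constructed, RFC 5737/1918 ranges)
    dst_port: int
    bytes_out: int  # bytes sent from src to dst


def make_flows():
    """Constructed sample: seven normal days for two hosts, then day 8 where
    ws-02 uploads a large volume to a destination it has never contacted."""
    flows = []
    for day in range(1, 8):
        flows += [
            Flow(day, "ws-01", "10.0.0.5", 443, 120_000 + day * 1000),
            Flow(day, "ws-01", "10.0.0.9", 445, 40_000),
            Flow(day, "ws-02", "10.0.0.5", 443, 95_000 + day * 500),
            Flow(day, "ws-02", "10.0.0.7", 53, 3_000),
        ]
    flows += [
        Flow(8, "ws-01", "10.0.0.5", 443, 128_000),   # slightly above trend, benign
        Flow(8, "ws-01", "10.0.0.9", 445, 41_000),
        Flow(8, "ws-02", "10.0.0.5", 443, 99_000),
        Flow(8, "ws-02", "10.0.0.7", 53, 3_000),
        Flow(8, "ws-02", "203.0.113.44", 443, 2_400_000),  # new destination, large upload
    ]
    return flows


def daily_features(flows):
    """Aggregate flows into (host, day) -> total bytes out and set of (dst, port)."""
    feats = defaultdict(lambda: {"bytes_out": 0, "dsts": set()})
    for f in flows:
        key = (f.src, f.day)
        feats[key]["bytes_out"] += f.bytes_out
        feats[key]["dsts"].add((f.dst, f.dst_port))
    return feats


def learn_baseline(flows, train_days):
    """Learn, per host, the mean/stddev of daily outbound bytes and the set of
    destinations seen during the training window (the 'learned intelligence')."""
    feats = daily_features(f for f in flows if f.day in train_days)
    per_host = defaultdict(list)
    for (host, _day), v in feats.items():
        per_host[host].append(v)
    baseline = {}
    for host, vals in per_host.items():
        series = [v["bytes_out"] for v in vals]
        known = set().union(*(v["dsts"] for v in vals))
        baseline[host] = {"mean": mean(series), "std": pstdev(series), "known_dsts": known}
    return baseline


def score_day(flows, day, baseline, z_threshold=3.0):
    """Compare one day against the baseline; return (host, finding, detail) tuples."""
    feats = daily_features(f for f in flows if f.day == day)
    findings = []
    for (host, _day), v in feats.items():
        b = baseline.get(host)
        if b is None:
            findings.append((host, "unknown_host", None))
            continue
        std = b["std"] or 1.0  # a perfectly flat baseline would otherwise divide by zero
        z = (v["bytes_out"] - b["mean"]) / std
        if z > z_threshold:
            findings.append((host, "volume_spike", round(z, 1)))
        new_dsts = v["dsts"] - b["known_dsts"]
        if new_dsts:
            findings.append((host, "new_destination", sorted(new_dsts)))
    return sorted(findings, key=lambda x: (x[0], x[1]))


if __name__ == "__main__":
    flows = make_flows()
    baseline = learn_baseline(flows, range(1, 8))
    for finding in score_day(flows, 8, baseline):
        print(finding)
```

Note what the thresholding does: ws-01 is about 2.5 standard deviations above its mean on day 8 and is not reported, while ws-02 is thousands of deviations out and also reached an address outside its learned destination set, so it is reported twice. In a real deployment the baseline would be rebuilt on a rolling window and the features would be richer (ports, protocols, time of day, peer groups), but the shape is the same: learn the network's own normal, then measure distance from it.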
As breaches continue to occur across every sector and industry, network behavioural analysis is becoming an essential tool for every CISO and their organisation. Using advanced threat-detection techniques might just mean the difference between keeping your network protected and becoming the next unfortunate breach target.

Tim Bury, Managing Director EMEA, Masergy Communications
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.