
Concept of Network Traffic Analysis

By: Dipesh Joshi

Network Traffic Analysis

What is Network Traffic Analysis?

Concept


Method of monitoring network availability and activity to identify anomalies, including security and operational issues.

Process of capturing, decoding, and analyzing network traffic.

Uses a combination of machine learning, behavioral modeling, and rule-based detection to spot anomalies or suspicious activities on the network.

Gives you the insight you need to optimize network performance, minimize your attack surface, enhance security, and improve the management of your resources.

Use cases for NTA

Collecting a real-time and historical record of what’s happening on your network

Detecting malware such as ransomware activity


Detecting the use of vulnerable protocols and ciphers

Troubleshooting a slow network

Improving internal visibility and eliminating blind spots


What does an NTA solution do?

NTA solutions use a combination of machine learning and behavioral analytics to generate a baseline that reflects what normal network behavior looks like for the organization.

When abnormal traffic patterns or irregular network activities are detected, these tools alert your security team to the potential threat.

In addition to monitoring north-south traffic that crosses the enterprise perimeter, NTA solutions monitor east-west communications by analyzing network traffic or flow records.
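The baseline-and-deviation idea described above, as an added example that is not from the original presentation or from any particular NTA product. It reads constructed flow records (a made-up CSV export, not a real NetFlow/IPFIX parser), splits them into east-west and north-south traffic using an assumed RFC 1918 "inside" list, learns each host's daily egress over a seven-day window, and alerts when a later day exceeds mean + 3 sigma. The hosts, addresses, record format, learning window and threshold are all assumptions made for the example.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed flow records, not a real export: day, source, destination,
# destination port, protocol, bytes sent by the source. Days 1-7 are ordinary;
# on day 8 host 10.0.0.5 pushes about 5 MB to a new external address while
# 10.0.0.7 stays within its usual range.
FLOW_RECORDS = """\
day,src_ip,dst_ip,dst_port,proto,bytes
1,10.0.0.5,203.0.113.10,443,tcp,100000
1,10.0.0.5,10.0.0.20,445,tcp,800000
1,10.0.0.7,203.0.113.10,443,tcp,50000
2,10.0.0.5,203.0.113.10,443,tcp,120000
2,10.0.0.7,203.0.113.10,443,tcp,52000
3,10.0.0.5,203.0.113.10,443,tcp,110000
3,10.0.0.7,203.0.113.10,443,tcp,48000
4,10.0.0.5,203.0.113.10,443,tcp,130000
4,10.0.0.7,203.0.113.10,443,tcp,51000
5,10.0.0.5,203.0.113.10,443,tcp,90000
5,10.0.0.7,203.0.113.10,443,tcp,49000
6,10.0.0.5,203.0.113.10,443,tcp,115000
6,10.0.0.7,203.0.113.10,443,tcp,50000
7,10.0.0.5,203.0.113.10,443,tcp,105000
7,10.0.0.7,203.0.113.10,443,tcp,50000
8,10.0.0.5,198.51.100.9,443,tcp,5000000
8,10.0.0.5,10.0.0.20,445,tcp,820000
8,10.0.0.7,203.0.113.10,443,tcp,52000
"""

# "Inside" is an assumption you must state explicitly. ipaddress.is_private()
# would also treat the documentation ranges used above (203.0.113.0/24,
# 198.51.100.0/24) as private and hide the north-south traffic.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def direction(src, dst):
    """East-west when both endpoints are inside; north-south when the flow crosses the perimeter."""
    return "east-west" if is_internal(src) and is_internal(dst) else "north-south"

def parse_flows(text):
    lines = text.strip().splitlines()
    header = lines[0].split(",")
    flows = []
    for line in lines[1:]:
        rec = dict(zip(header, line.split(",")))
        for key in ("day", "dst_port", "bytes"):
            rec[key] = int(rec[key])
        rec["direction"] = direction(rec["src_ip"], rec["dst_ip"])
        flows.append(rec)
    return flows

def daily_egress(flows):
    """Bytes per (internal host, day) that left the perimeter."""
    totals = defaultdict(int)
    for f in flows:
        if f["direction"] == "north-south" and is_internal(f["src_ip"]):
            totals[(f["src_ip"], f["day"])] += f["bytes"]
    return totals

def build_baseline(totals, learning_days, min_rel_sigma=0.05):
    """Per-host mean and standard deviation over the learning window. A host whose
    volume never varied would get sigma 0 and then alert on any change at all,
    so sigma is floored at a fraction of the mean."""
    per_host = defaultdict(list)
    for (host, day), volume in totals.items():
        if day in learning_days:
            per_host[host].append(volume)
    baseline = {}
    for host, values in per_host.items():
        mean = statistics.fmean(values)
        sigma = statistics.stdev(values) if len(values) > 1 else 0.0
        baseline[host] = (mean, max(sigma, min_rel_sigma * mean))
    return baseline

def detect_egress_anomalies(flows, learning_days=range(1, 8), k=3.0):
    """Alert when a host's daily egress exceeds mean + k*sigma of its own baseline,
    or when a host with no baseline at all starts sending outbound."""
    totals = daily_egress(flows)
    baseline = build_baseline(totals, set(learning_days))
    alerts = []
    for (host, day), volume in sorted(totals.items()):
        if day in learning_days:
            continue
        if host not in baseline:
            alerts.append({"host": host, "day": day, "bytes": volume, "reason": "no baseline"})
            continue
        mean, sigma = baseline[host]
        threshold = mean + k * sigma
        if volume > threshold:
            alerts.append({"host": host, "day": day, "bytes": volume,
                           "reason": f"egress {volume} exceeds baseline threshold {threshold:.0f}"})
    return alerts

if __name__ == "__main__":
    for alert in detect_egress_anomalies(parse_flows(FLOW_RECORDS)):
        print(alert)
```

Note that the east-west SMB flows to 10.0.0.20 are deliberately kept out of the egress baseline; a real deployment would baseline them separately (per service, per host pair), which is the "east-west visibility" the slide refers to. The sigma floor is the practical caveat: without it a host with perfectly steady traffic alerts on a one-byte change.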

How does an NTA solution improve security?

Once an NTA solution determines what normal behavior on your network looks like, it can alert your organization when anomalous behavior occurs.

By alerting your security team to suspicious activity early on, whether the threat comes from outside or inside your network, an NTA solution lets you attribute malicious behavior to a specific IP address, perform forensic analysis, and check whether other devices are infected. This leads to faster response and limits the business impact.


Why Network Traffic Analysis?

• Why is the network slow?

• What is the network traffic pattern?

• How is the traffic being shared between nodes?


Purpose of an NTA

Six objectives:

1. Track a user's activity on the network through User Forensics reporting

2. Monitor data exfiltration and internet activity

3. Provide an inventory of the devices, servers and services running on the network

4. Detect ransomware activity

5. Generate network activity reports for management and auditors for any time period

6. Monitor access to files on file servers or MSSQL databases


Importance of an NTA

Management and application protocols that run unencrypted expose everything they carry to anyone who can capture the traffic:

Telnet (port 23): CLI sessions, including the credentials typed into them, in cleartext

Hypertext Transfer Protocol (HTTP, port 80)

Simple Network Management Protocol (SNMP, ports 161/162): v1 and v2c community strings travel in cleartext

Telnet CLI strings reveal login procedures, the user credentials presented, commands that display the boot or running configuration, file copies, and more.

Ransomware attacks have increasingly arrived via such insecure protocols.

Benefits of an NTA

Improved visibility into devices connecting to your network (e.g. IoT devices, healthcare visitors)

Meet compliance requirements


Troubleshoot operational and security issues

Respond to investigations faster with rich detail and additional network context


Network Traffic Analyzers

Definition


A combination of hardware and software tools that can detect, decode, and manipulate traffic on the network.

Available both free and commercially

Mainly software-based.

Also known as a sniffer.

(A program that passively monitors the data traveling through the network)


Types of NTA Tools (by interface)

• Graphical tools, e.g. Wireshark

• Command-line tools, e.g. tcpdump, TShark, dumpcap

What to look for in an NTA

Advanced threat detection

The data source

Full packet capture, cost and complexity

Real-time data vs. historical data

Availability of flow-enabled devices

The points on the network where traffic is captured or exported


Thank You

For the sake of humanity, say no to further questions!!!
