By: Dipesh Joshi
Network Traffic Analysis
Method of monitoring network availability and activity to identify anomalies, including security and operational issues.
Process of capturing, decoding, and analyzing network traffic.
Uses a combination of machine learning, behavioral modeling, and rule-based detection to spot anomalies or suspicious activities on the network.
Gives you the insight you need to optimize network performance, minimize your attack surface, enhance security, and improve the management of your resources.
Collecting a real-time and historical record of what’s happening on your network
Detecting malware such as ransomware activity
Detecting the use of vulnerable protocols and ciphers
Troubleshooting a slow network
Improving internal visibility and eliminating blind spots
Use a combination of machine learning and behavioral analytics to generate a baseline that reflects what normal network behavior looks like for the organization.
When abnormal traffic patterns or irregular network activities are detected, these tools alert your security team to the potential threat.
In addition to monitoring north-south traffic that crosses the enterprise perimeter, NTA solutions monitor east-west communications by analyzing network traffic or flow records.
Once an NTA solution determines what normal behavior on your network looks like, it can alert your organization when anomalous behavior occurs.
By alerting your security team to suspicious activity early on, whether the threat comes from outside or inside your network, network traffic analysis can attribute the malicious behavior to a specific IP, support forensic analysis, and show whether other devices are infected. This leads to faster response and prevents business impact.
• Why is the network slow?
• What is the network traffic pattern?
• How is the traffic being shared between nodes?
Monitoring data exfiltration/internet activity
Detection of ransomware activity
Monitor access to files on file servers or MSSQL databases
Track a user’s activity on the network through User Forensics reporting
Provide an inventory of what devices, servers and services are running on the network
Generate network activity reports for management and auditors for any time period
Management protocols such as Telnet, which is unencrypted, reveal CLI commands
Telnet
Hypertext Transfer Protocol (HTTP, port 80)
Simple Network Management Protocol (SNMP, ports 161/162)
Rise of ransomware attacks via insecure protocols
CLI strings reveal login procedures, presentation of user credentials, commands to display boot or running configuration, copying files, and more.
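The two detection ideas above, a learned baseline that flags abnormal activity and a rule that flags the cleartext management protocols listed (Telnet, HTTP, SNMP), as a small added example that is not part of this presentation. The flow records are constructed and the column layout (src, dst, dport, bytes) is an assumption standing in for a real flow or tshark export.

```python
import csv
import io
import statistics
from collections import defaultdict

# Cleartext management protocols named in the deck; any flow to these ports is reported.
INSECURE_PORTS = {23: "Telnet", 80: "HTTP", 161: "SNMP", 162: "SNMP-trap"}

# Constructed flow records (src, dst, destination port, bytes sent), not real traffic.
HISTORY = """src,dst,dport,bytes
10.0.0.5,10.0.0.9,443,12000
10.0.0.5,10.0.0.9,443,11500
10.0.0.5,10.0.0.9,443,12800
10.0.0.7,10.0.0.9,443,3000
10.0.0.7,10.0.0.9,443,3200
10.0.0.7,10.0.0.9,443,2900
"""
CURRENT = """src,dst,dport,bytes
10.0.0.5,10.0.0.9,443,12200
10.0.0.7,203.0.113.8,443,250000
10.0.0.7,10.0.0.3,23,400
10.0.0.11,10.0.0.9,161,90
"""

def parse_flows(text):
    """Parse CSV flow records; port and byte count become integers."""
    return [{"src": r["src"], "dst": r["dst"], "dport": int(r["dport"]), "bytes": int(r["bytes"])}
            for r in csv.DictReader(io.StringIO(text))]

def build_baseline(flows):
    """Per-source mean and population stdev of bytes per flow (the 'normal' profile)."""
    per_src = defaultdict(list)
    for f in flows:
        per_src[f["src"]].append(f["bytes"])
    return {src: (statistics.mean(v), statistics.pstdev(v)) for src, v in per_src.items()}

def detect(flows, baseline, k=3.0):
    """Return alerts: insecure protocol use, volume above mean + k*stdev, or a source with no baseline."""
    alerts = []
    for f in flows:
        if f["dport"] in INSECURE_PORTS:
            alerts.append(("insecure-protocol", f["src"], f["dst"], INSECURE_PORTS[f["dport"]]))
        if f["src"] not in baseline:  # never seen before: new device on the network
            alerts.append(("unknown-host", f["src"], f["dst"], f["dport"]))
        else:
            mean, sd = baseline[f["src"]]
            if f["bytes"] > mean + k * sd:
                alerts.append(("volume-anomaly", f["src"], f["dst"], f["bytes"]))
    return alerts
```

Running `detect(parse_flows(CURRENT), build_baseline(parse_flows(HISTORY)))` flags the 250 kB upload from 10.0.0.7, its Telnet session, and the SNMP traffic from a host with no baseline, while the routine HTTPS flow from 10.0.0.5 stays silent.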
Improved visibility into devices connecting to your network (e.g. IoT devices, healthcare visitors)
Meet compliance requirements
Troubleshoot operational and security issues
Respond to investigations faster with rich detail and additional network context
A combination of hardware and software tools that can detect, decode, and manipulate traffic on the network.
Available both free and commercially
Mainly software-based.
Also known as a sniffer (a program that passively monitors the data traveling through the network).
Classified on the basis of interface:
Graphical tools, e.g. Wireshark.
Command line tools, e.g. tcpdump, tshark, dumpcap, etc.