Alarm Conditions | Network Behavior Analysis
Scrutinizer Helps Answer Tough Questions
- Which assets are under attack?
- What threats did I miss?
- Are users following corporate policy?
- Is my business in compliance with regulations?
- How do I get through this mountain of data?
- How can I deal with all of these point products?
- Are my infrastructure investments adequate?
- How do I improve my security posture?
Intrusion detection and prevention has gone beyond the firewall
When two days on-site professional services are purchased with Scrutinizer, our team will configure behavorial watches that help identify internal viruses and possible denial of service attacks. Contact us for details.
Scrutinizer Network Behavior Analysis Brochure
Network Behavior Analysis Coming Soon
Scrutinizer NBA is an expert system that interrogates every conversation from every host for traffic behavior pattern anomalies. Imagine all conversations across your enterprise being monitored at all times for traffic that shouldn't be there.
Quickly sort on peculiarities of the problem and narrow down on the culprit to a specific interface.
Scrutinizer NBA continually tallies and sizes up the conversations from all flow sending devices and helps identify:
- Zero-day worms, SYN Floods and DoS attacks
- ICMP Destination Unreachable
- Bleeding Edge Attacks
- Policy violations and internal misuse
- Poorly configured and unauthorized devices
- Suspicious NetBIOS-based services
- Excessive Multicast Traffic
- Machines/users running P2P applications (even if encrypted)
- All IP communications to/from tens of thousands of user accounts
- Serious vs. trivial network incidents
- Root causes of network slowdowns
Product Overview
Simply counting protocol volumes, user traffic levels or for interface thresholds is helpful, but many anomalies exist in a realm where typical counter detection systems don't look. Scrutinizer NBA complements existing security measures.
- No agents need to be installed or deployed anywhere
- Works by collecting NetFlow, sFlow, IPFIX and NetStream from existing routers/switches
- Works differently than a typical IDS, because its focus is on numerous conversation patterns and not on individual packets
- Looks at all traffic, not just periodic snap shots
- Useful at the network perimeter, as well as across highly switched internal networks
- Requires almost no initial configuration; however, it has a flexible modeling architecture to create additional behavior monitors
Since typical NetFlow exports don't contain the detail necessary for more involved IDS functions, such as parsing applications, Scrutinizer NBA makes forwarding decisions by utilizing proprietary algorithms that watch patterns of behavior.
Mitigation
Since Scrutinizer knows the ingress interface of the threat, it can take action by disabling ports or making changes to the firewall and/or necessary routers to assist in mitigating and stopping the virus.
