In 2016, the World Economic Forum released its Global Risks Report, which describes cyber-attacks as one of the greatest threats faced by society on par with water shortages and massive migration. It poses even greater hazard than terrorist attacks. "In the future, each conflict will have its own cyber dimension. Some will be even be conducted exclusively in cyberspace," the report said. Whether or not it is an overt affirmation, information technology is undoubtedly one of the pillars of today's society. Therefore, heavy attention is obviously paid to their protection.
Firewall and antivirus aren’t enough anymore
The whole area of information security has undergone significant changes in recent years. This has caused a massive increase in cyber-related risks, new types of targeted attacks and malware, professionalism of criminals, growing complexity of IT, and digitization of society as a whole. Shortly after the turn of the millennium, security-experts being aware of these changes began to ask questions which the security tools of that time were unable to answer. How do we react when someone gets across the defense system, firewall? And how do we even know it? Are we sure that all traffic and behavior in our network is OK?
All of this has shown that the long-maintained "firewall plus antivirus" security equation is no longer enough. As Gery Newe, The Director of System Engineering at respected security company F5, says. "Ninety percent of the IT security budget is invested in perimeter protection even if only a quarter of all attacks are there."
Modern technology needed Enlightenment
At the same time, it was also clear that the security of the organization was not possible manually and automation needed to be fully exploited. In order to improve the detection and response capabilities towards cyber threats, technology that looks differently at IT protection has emerged. Unlike traditional methods, it does not rely on known threat databases and restrictive rules, but uses the principles of artificial intelligence and machine learning to uncover those who bypass these solutions. According to analyst studies, these are over 70%.
This technology is known as Network Behavior Analysis or NBA. Its principle is relatively simple. It assumes that all unwanted activity will always be different from normal. The whole process begins by entering some data about the monitored environment, such as the approximate number of user stations. Then the system starts learning the behavior of the network, its users and servers and creates a unique pattern of behavior for each of them. Its knowledge and patterns are constantly being updated. In likewise obtained data, using advanced algorithms, it searches for activity deviating from "normal". For example, one that displays behavioral patterns typical of various types of malicious software. This intelligence then identifies the risk stations with high precision and informs the responsible person. If necessary, in conjunction with other technologies, they will automatically provide reactive measures.
Worldwide, only a few companies, including Flowmon Networks, are developing solutions based on this advanced security technology. Just a few years ago, the network behavior analysis was an almost unknown concept and it was necessary to get acquainted with the market. Today it is used by National Defense-agencies, Banking Institutions, Manufacturing companies and other entities from different segments. With a slight exaggeration, anyone who really considers IT security seriously has an NBA solution already deployed or is planning to deploy.
Adding to The Security Jigsaw-puzzle
The NBA solution does not replace other security tools, but complements them really well. This not only takes the security of the organization to a significantly higher level but also protects existing business investments. Companies must deal seriously with perimeter and end stations security as a priority. But after that, they should start looking at monitoring and detection of malware threats and internal network attacks, which is the focus of the NBA solution.
This is not a marginal technology that protects only against highly sophisticated threats such as custom spy malware for industrial espionage. These cases only represent the tip of the Iceberg. "Normal" companies and institutions, can undesirably be the victims of any of the common attacks, which can indeed cause significant losses, productivity-decline, reputation damage, etc. Today NBA offers protection against a series of common attacks against which, an antivirus for example, cannot help. Typically, these are botnets, hidden malicious code primarily created for DDoS attacks, spam-spread, various forms of malware using application bugs etc.
Technically: What exactly is network-behavior analysis?
Behavioral Network Analysis (NBA) is a method of detecting unwanted behavior in Corporate IT environment. It uses technology to monitor and evaluate network traffic statistics, which is then processes and analyzed using advanced artificial intelligence and machine learning algorithms. NBA allows detection of modern threats that bypass traditional security mechanisms such as firewall, antivirus or IDS / IPS system.
Active approach to data protection
Network behavior analysis is a modern way to protect sensitive systems and data. We have an overview of what's happening in our IT environment. We can not only detect, but also analyze and respond to unwanted behaviors. As a result, we are able to optimize other elements of the organization's security and significantly strengthen its defense capability as a whole.