Gartner Research

Network Behavior Analysis: Moving Beyond Signatures

Published: 02 March 2009

ID: G00203687

Analyst(s): Eric Maiwald

Summary

Network monitoring is a requirement for many enterprises and good practice for all. Network behavior analysis (NBA) goes beyond looking for known bad signatures of attacks and into the realm of understanding what is happening on the network. Although NBA cannot completely replace signature-based systems, it can augment them to give security teams a more complete view of the network. Networking teams can also benefit because NBA products help analyze how systems and applications are used and assist in troubleshooting. In this report, Security and Risk Management Strategies Research Director Eric Maiwald examines the benefits of NBA.

Table Of Contents

Summary of Findings

Analysis

  • Drivers to Using NBA
  • Detection and Analysis Mechanisms
  • Behavior Analysis vs. Signatures
  • Policy Enforcement
  • Challenges to Implementation
  • Market Impact
    • Market Definition
    • Existing Market Segmentation
    • Market Dynamics
  • Recommendations
    • Do Your Homework to Size the Solution Appropriately
    • Determine the Policy to Be Used
    • Do Not Assume NBA Will Solve All Intrusion Detection Problems
    • Look for Common Solutions for Both Security and Networking Needs
    • Make NBA a Component of an Overall Monitoring Strategy
    • NBA Can Be Useful Where There Is Limited Knowledge of an Environment
    • NBA Can Be Useful When the Network Changes

The Details

  • Anomaly Detection Decision Parameters
    • Sensor Placement
    • Sensor Layers
    • Control Mechanisms
    • Time Issues
    • Interactions with Auditing and Testing
    • Data Retention
    • Detection Methods
    • Automated Response
    • Actuator Placement
    • User Interfaces
  • Vendors
    • Arbor Networks
    • Cisco Systems
    • Lancope
    • Mazu Networks
    • McAfee
    • NetFort Technologies
    • NitroSecurity
    • Q1 Labs
    • Sourcefire

Conclusion

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client