According to Gartner [1], “Applying behavioral analysis to network traffic is helping enterprises detect suspicious traffic that other security tools are missing.”
The case for network traffic analysis to uncover hidden threats
You are charged with protecting your organization and have made multiple investments to do so. But you might be under-utilizing one of the biggest investments your organization has already made – the network infrastructure. With 1 in 4 organizations running the risk of a major breach in the next 24 months, it’s not a matter of if but when you will be breached. And you need to be able to detect and respond quickly to incidents.
The network is a rich data source, and by analyzing how the different entities are “behaving” within the network, we can identify malicious activities associated with a breach. This helps detect attacks in near real-time. Today, the average time to detect a breach is 197 days [2]. Can you really afford to wait more than 6 months to know whether you have been compromised? Additionally, network security analytics can expedite investigations to pinpoint the source of the threat so you can take appropriate actions. This considerably cuts down the time to contain a threat from the average 69 days [3] to a few hours!
Cisco’s network traffic analysis (NTA) solution, Stealthwatch, provides enterprise-wide visibility, from the private network to the public cloud, and applies advanced security analytics to detect and respond to threats in real-time. Using a combination of behavioral modeling, machine learning and global threat intelligence powered by Cisco Talos, Stealthwatch can quickly, and with high confidence, detect threats such as command and control attacks, ransomware, DDoS attacks, illicit cryptomining, unknown malware, as well as insider threats. With a single, agentless solution, you get comprehensive threat monitoring across the data center, branch, endpoint and cloud, and even find threats hidden in encrypted traffic.
Stealthwatch has some key attributes that you should demand from your network traffic analysis solution for the following outcomes:
Contextual network-wide visibility
First and foremost, network traffic analysis provides visibility into every device on the network and what it is doing. Legacy servers, IoT, mobile, and remote users – a lot of organizations simply don’t know what’s on their network, let alone how to protect it. And this visibility extends across all the dynamic environments that are typical of the modern digital enterprise – from the campus, branch and data center to the cloud. And with the rise in encrypted traffic and the internet going dark, you also need visibility into threats hiding in encrypted traffic.
Predictive threat analytics
Secondly, there are some unique threats that can only be detected if you are continuously monitoring network activity. Your traditional security tools will not be able to catch insider threats – caused by a rogue employee trying to exfiltrate sensitive data, or by a compromised admin credential that attackers are now using to move across the entire organization. Additionally, you have created a lot of security policies to prevent threats, or simply to remain compliant. But how do you know those are being enforced? That the controls you have set up are actually working? Also, as mentioned earlier, network traffic analysis tries to identify malicious behavior and can therefore help detect threats like unknown malware.
Lastly, let’s talk about incident response. What do you do if you know that you have been compromised? Where do you begin investigating? With network traffic analysis, you can attribute the malicious behavior to a specific IP and perform forensic analysis to determine how the threat has moved laterally within the organization: what other devices might be infected, where external communication is occurring, and so on. This leads to faster response in order to prevent any business impact.
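To make the two ideas above concrete (behavioral detection of exfiltration, then pivoting on the flagged IP to find lateral movement), here is a small added illustration; it is not Stealthwatch code. It learns each internal host’s normal daily egress from constructed NetFlow-style records, flags a host whose outbound volume deviates sharply from its own baseline, and then lists internal peers that host had never contacted before. The 10.0.0.0/24 prefix, the addresses and the byte counts are all constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = "10.0.0."  # constructed internal prefix; anything else counts as external

def is_internal(ip):
    return ip.startswith(INTERNAL)

# Constructed flow records (day, src, dst, bytes): seven quiet days, then a day 8
# on which 10.0.0.5 pushes far more data outbound and touches new internal peers.
FLOWS = []
for day in range(1, 8):
    FLOWS += [
        (day, "10.0.0.5", "203.0.113.10", 400_000 + 20_000 * (day % 3)),
        (day, "10.0.0.9", "203.0.113.10", 150_000 + 10_000 * (day % 2)),
        (day, "10.0.0.5", "10.0.0.20", 50_000),
    ]
FLOWS += [
    (8, "10.0.0.5", "198.51.100.7", 9_000_000),  # unusual egress volume
    (8, "10.0.0.5", "10.0.0.21", 80_000),         # internal peer never seen before
    (8, "10.0.0.5", "10.0.0.22", 75_000),         # internal peer never seen before
    (8, "10.0.0.9", "203.0.113.10", 160_000),     # within its normal range
]

def daily_egress(flows):
    """Bytes sent from each internal host to external addresses, per day."""
    out = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            out[src][day] += nbytes
    return out

def egress_anomalies(flows, baseline_days, check_day, zmax=3.0):
    """Hosts whose egress on check_day is more than zmax std devs above their own baseline."""
    flagged = {}
    for host, per_day in daily_egress(flows).items():
        history = [per_day.get(d, 0) for d in baseline_days]
        mu, sigma = mean(history), pstdev(history)
        today = per_day.get(check_day, 0)
        # A perfectly flat baseline has sigma == 0: treat any increase as anomalous.
        z = (today - mu) / sigma if sigma else (float("inf") if today > mu else 0.0)
        if z > zmax:
            flagged[host] = round(z, 1)
    return flagged

def new_internal_peers(flows, host, baseline_days, check_day):
    """Internal destinations first contacted on check_day: lateral-movement leads."""
    seen = {dst for day, src, dst, _ in flows
            if src == host and is_internal(dst) and day in baseline_days}
    today = {dst for day, src, dst, _ in flows
             if src == host and is_internal(dst) and day == check_day}
    return sorted(today - seen)
```

A real deployment would baseline per host and per protocol over weeks rather than days, but the pivot is the same: the anomaly gives you the IP, and the peer list gives you the next hosts to examine.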
Download your complimentary copy of the first ever Gartner 2019 Market Guide for the NTA (Network Traffic Analysis) market here.
[1] Gartner, Market Guide for Network Traffic Analysis, Lawrence Orans, Jeremy D’Hoinne, Sanjit Ganguli, 28 February 2019.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.