Network behavior anomaly detection (NBAD) is the real-time monitoring of a network for any unusual activity, trends or events. NBAD tools serve as additional threat detection tools: they monitor network activity and generate general alerts that often require further evaluation by the IT team.
These systems can detect threats and stop suspicious activities in situations where traditional security software is ineffective. Additionally, the tools suggest which suspicious activities or events require further analysis.
NBAD tools are used in conjunction with traditional perimeter security systems, such as antivirus software, to provide an additional security mechanism. However, unlike antivirus software, which protects the network against known threats, NBAD looks for suspicious activities that are likely to compromise the operations of the network, either by infecting the system or through data theft.
An NBAD tool monitors network traffic for any deviations from the expected volume of a measured network parameter, such as packets, bytes, flow and protocol usage. Once an activity is suspected to be a threat, the tool generates the event's details, including the offender and target IPs, the port, protocol, time of attack and more.
The tools use a combination of signature and anomaly detection methods to check for any unusual network activity and alert the security and network managers, so that they can analyze the activity and stop it or respond before a threat affects the system and data.
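The volume-deviation check and the event record described above can be shown in a few lines of Python. This is an added example, not code from the original page or from any NBAD product; the flow records, IP addresses, the `detect` function and the 3-sigma threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, stdev

# Constructed flow records (not real traffic):
# (minute, src_ip, dst_ip, dst_port, protocol, bytes, packets)
FLOWS = [
    (m, "10.0.0.5", "10.0.1.20", 443, "tcp", 40_000 + 1_000 * (m % 3), 40)
    for m in range(10)
] + [
    (m, "10.0.0.7", "10.0.1.30", 53, "udp", 2_000 + 100 * (m % 2), 10)
    for m in range(11)
] + [
    (10, "10.0.0.5", "203.0.113.9", 443, "tcp", 900_000, 700),  # constructed spike
]

def detect(flows, baseline_minutes=10, threshold=3.0, metric=5):
    """Flag sources whose per-minute volume deviates from their own baseline.

    metric is the record index to measure: 5 = bytes, 6 = packets.
    The threshold (in standard deviations) is an assumed default.
    """
    per_src = defaultdict(lambda: defaultdict(int))
    for f in flows:
        per_src[f[1]][f[0]] += f[metric]
    events = []
    for src, series in per_src.items():
        base = [series.get(m, 0) for m in range(baseline_minutes)]
        mu, sigma = mean(base), stdev(base)
        sigma = max(sigma, 0.05 * mu, 1.0)  # floor: a flat baseline must not alert on noise
        for minute in sorted(m for m in series if m >= baseline_minutes):
            z = (series[minute] - mu) / sigma
            if abs(z) < threshold:
                continue
            # Use the largest flow in the anomalous minute for the event details.
            top = max((f for f in flows if f[1] == src and f[0] == minute),
                      key=lambda f: f[metric])
            events.append({"time": minute, "offender": src, "target": top[2],
                           "port": top[3], "protocol": top[4],
                           "observed": series[minute], "expected": round(mu),
                           "zscore": round(z, 1)})
    return events

if __name__ == "__main__":
    for event in detect(FLOWS):
        print(event)
```

The DNS client at 10.0.0.7 stays within its baseline and produces no event, while the spike from 10.0.0.5 yields a single record that an analyst can then evaluate.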
The three major components of network behavior monitoring are traffic flow patterns, network performance data and passive traffic analysis. Together, these allow an organization to detect threats such as: