Network Behavior Anomaly Detection (NBAD)

Definition - What does Network Behavior Anomaly Detection (NBAD) mean?

Network behavior anomaly detection (NBAD) is the real-time monitoring of a network for any unusual activity, trends or events. NBAD tools are used as additional threat detection tools to monitor network activity and generate general alerts that often require further evaluation by the IT team.

The systems have the ability to detect threats and stop suspicious activities in situations where traditional security software is ineffective. Additionally, the tools suggest which suspicious activities or events require further analysis.

Techopedia explains Network Behavior Anomaly Detection (NBAD)

NBAD tools are used in conjunction with traditional perimeter security systems, such as antivirus software, to provide an additional security mechanism. However, unlike antivirus software, which protects the network against known threats, NBAD checks for suspicious activities that are likely to compromise the operations of the network, either by infecting the system or through data theft.

It monitors network traffic for any deviations from the expected volume of a measured network parameter, such as packets, bytes, flows and protocol usage. Once an activity is suspected to be a threat, the event's details are generated, including the offender and target IPs, the port, protocol, time of attack and more.
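The volume-deviation check described above, as an added example that is not part of the original article: it learns a per-host bytes-per-minute baseline and emits an event with the offender and target IPs, port, protocol and time when a minute exceeds the mean by k standard deviations. The flow record layout, the threshold k=3, the handling of hosts with no baseline and the sample flows are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple
from statistics import mean, pstdev

Flow = namedtuple("Flow", "minute src dst port proto nbytes")

# Constructed sample flows (documentation address ranges), not real traffic.
BASELINE = [Flow(m, "10.0.0.5", "192.0.2.10", 443, "tcp", b)
            for m, b in enumerate([4000, 5200, 4600, 5000, 4800, 4400])]
BASELINE += [Flow(m, "10.0.0.7", "192.0.2.10", 443, "tcp", b)
             for m, b in enumerate([1000, 1200, 900, 1100, 1000, 800])]
OBSERVED = [
    Flow(100, "10.0.0.5", "192.0.2.10", 443, "tcp", 5100),
    Flow(100, "10.0.0.7", "192.0.2.10", 443, "tcp", 1050),
    Flow(101, "10.0.0.5", "192.0.2.10", 443, "tcp", 4900),
    Flow(101, "10.0.0.5", "203.0.113.50", 443, "tcp", 900000),
    Flow(101, "10.0.0.99", "198.51.100.9", 53, "udp", 300),
]

def build_baseline(flows):
    """Per-source (mean, std dev) of bytes sent per minute."""
    per_min = defaultdict(lambda: defaultdict(int))
    for f in flows:
        per_min[f.src][f.minute] += f.nbytes
    return {src: (mean(v.values()), pstdev(v.values()))
            for src, v in per_min.items()}

def detect(flows, baseline, k=3.0, min_std=1.0):
    """Events for (minute, source) buckets that deviate from the baseline."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f.minute, f.src)].append(f)
    events = []
    for (minute, src), group in sorted(buckets.items()):
        total = sum(f.nbytes for f in group)
        if src in baseline:
            mu, sd = baseline[src]
            # min_std keeps a perfectly flat baseline from alerting on 1 byte.
            if total <= mu + k * max(sd, min_std):
                continue
            reason = "volume"
        else:
            reason = "no_baseline"  # host never seen during training
        top = max(group, key=lambda f: f.nbytes)  # flow carrying the most bytes
        events.append({"reason": reason, "minute": minute, "offender": src,
                       "target": top.dst, "port": top.port,
                       "protocol": top.proto, "bytes": total})
    return events

if __name__ == "__main__":
    for event in detect(OBSERVED, build_baseline(BASELINE)):
        print(event)
```

The `target`, `port` and `protocol` fields come from the single flow that carried the most bytes in the flagged minute, which is usually where an analyst starts the follow-up evaluation.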

The tools use a combination of signature and anomaly detection methods to check for any unusual network activity and alert the security and network managers, so that they can analyze the activity and stop it or respond before a threat affects the system and data.

The three major components of network behavior monitoring are traffic flow patterns, network performance data and passive traffic analysis. Together, these allow an organization to detect threats such as:

  • Inappropriate network behavior — The tools detect unauthorized applications, anomalous network activity, or applications using unusual ports. Once detected, the protection system may be used to identify and automatically disable the user account associated with the network activity.
  • Data exfiltration — The tools monitor outbound communications data and trigger an alarm when suspiciously large data transfers are detected. If the destination is a cloud-based application, the system could further identify it to determine whether the transfer is legitimate or a case of data theft.
  • Hidden malware — The tools detect advanced malware which may have evaded the perimeter security protection and infiltrated the organization's corporate network.
