NETWORK TRAFFIC ANALYSIS

Network Traffic Analysis (NTA) is an emerging category of security product that uses network communications as the foundational data source for detecting and investigating security threats and anomalous or malicious behaviors within that network.

The subtle art of detecting and preventing rogue access

The ability to characterize IP traffic and understand how and where it flows is critical for assuring network availability, performance, and security. Network traffic analysis provides the visibility on your network by utilizing tools to perform monitoring, troubleshooting and in-depth inspection, and interpretation with the synthesis of traffic flow data. It helps network operators to determine where to apply Quality of Service (QoS) policies as well as how to optimize resource usage, and it plays a vital role in network security to detect distributed denial-of-service (DDoS) attacks and other undesirable network events and activity.

Attacks on IoT devices tripled in 2019

As a network administrator responsible for the care and feeding of a network, it’s vitally important you have an extremely detailed understanding of your network topology.
Without this information, even basic troubleshooting can be unnecessarily difficult. You’ll find, if you haven’t already, that troubleshooting is much easier if you have detailed and up-to-date network documentation.

Common rogue connections on your network

One of the most common wireless security threats is the rogue access point—it is used in many attacks, both DoS and data theft. Many other rogue access points, however, are deployed by employees wanting unfettered wireless access—these access points are called soft access points. Other rogues are located in neighboring companies using your network for free access. Typically low-cost and consumer-grade, these access points often do not broadcast their presence over the wire and can only be detected over-the-air. Because they are typically installed in their default mode, authentication and encryption are not enabled, thereby creating a security hazard. Because wireless LAN signals can traverse building walls, an open access point connected to the corporate network the perfect target for war driving. Any client that connects to a rogue access point must be considered a rogue client because it is bypassing the authorized security procedures put in place by the IT department.

Monitoring network traffic is an incredibly powerful way to understand issues or problems within your IT environment. For many businesses, network performance is critical and if it’s failing or at its limit, there will be adverse effects that can cost time, money and resources. In order to understand, prevent and resolve these issues, there are numerous methods available to you for monitoring network traffic. Most importantly, the first thing you should focus on is “what do you want to achieve?”. Are you looking to better understand a specific issue? Perhaps it is more of an overall theme such as improving your awareness of what is crossing your network. Whatever the reason may be, having a predefined goal in place before you set out is essential.

As more wireless devices are introduced into a network, more wireless access points and transmissions within the network’s proximity are also created. When this happens, new, previously unknown access points (AP) from a neighbor’s network can sometimes be introduced into your network. These are rogue wireless access points, and their source can many times come unintentionally from employees. On the other hand, the source can be a malicious one who is intentionally installing and hiding the AP in order to gather proprietary information.

Learn more about the dangers of rogue connections in our Cybersecurity Blog.

Knowing how to analyze network traffic provides you with “who, what and when information” about activity on your network.

While other network security tools such as firewalls and intrusion detection system (IDS)/intrusion prevention system (IPS) products focus on monitoring vertical traffic that crosses the perimeter of a network environment, network traffic analysis solutions are focused on all communications – whether those are traditional TCP/IP style packets, “virtual network traffic” crossing a virtual switch (or “vSwitch”), traffic from and within cloud workloads, and API calls to SaaS applications or serverless computing instances.

Threat Intelligence

Our threat intelligence package will keep you and your staff protected and educated about the latest attack trends

Simplify

Simplify your IT by entrusting to our team of experts, who will find an answer to all your problems.

Protect

Protect your customers and staff from the growing cyber attacks on businesses of all sizes.

Secure

Secure your investment and sleep easy knowing that your business is cyber resilient 24/7.

Want to learn more about how we can protect your business?

Join us for a first free consultation including a free basic security audit. You do not have to commit to anything by contacting us other than the sustainability of your business in a growing and connected world

NETWORK TRAFFIC ANALYSIS