NBA products serve as collectors, receiving network flow data from switches and routers that they in turn process into meaningful information. With direct packet capture, the NBA system acquires network traffic directly from a switch or router using a SPAN port or network tap, and exports it into the equivalent of what would be received if the NBA product had simply grabbed network flow data. Going a step further, NBA systems also can leverage deep packet inspection through direct packet capture to flag attacks that couldn't be detected by monitoring only network flow data. This method also provides awareness of applications that may be piggybacking on other normal application ports.
A baseline of normal behavior is the core of NBA, but these systems also sport pattern-matching signatures to spot network scans, anomalous application behavior, and worms. NBA vendors recognize that customers like to have immediate feedback from security products when they flip the "on" switch, so pattern matching is available out of the box. Of course, the most value comes once a solid baseline is in place, but these take several days to a week to develop properly.
NBA PLAYBOOK
So, is NBA a fit for enterprises that already have IDS/IPS deployed throughout their corporate headquarters and branch offices, firewalls at the perimeter--maybe even around the data center--and a SIEM that promises insight into the goings-on of the enterprise infrastructure? Short answer, yes. It completes the network visibility picture, filling gaps left by other security systems and providing information about relationships among network hosts, including which are clients and which are servers; alerting on breaches of policy such as unauthorized use of peer-to-peer file sharing; and more.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
