Rolling Review Kickoff: Network Behavior Analysis Systems: Page 4 of 4

With this network visibility should come the benefit of adding teeth to existing policies that state what is and isn't allowed on the corporate network, such as instant messaging and P2P. Business and regulatory requirements also call for monitoring all network activity and tracing it back to the user responsible. To accomplish this, NBA products interface with user directories, such as LDAP and Microsoft Active Directory, in addition to DHCP and DNS. Leveraging identity information can also make policies more powerful by defining alerts if, say, a contractor account accesses a sensitive area of the network.
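As an added illustration of the identity correlation described above (example code, not from the article or from any vendor's product), this Python snippet joins flow records to DHCP lease history by time, resolves the lease's MAC to a directory logon, and raises alerts for P2P traffic and for a contractor account reaching a sensitive subnet. All flows, leases, accounts, group names, subnets and ports are constructed sample values.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the article). Flow records in the shape a
# NetFlow/IPFIX collector would export: (timestamp, src_ip, dst_ip, dst_port).
FLOWS = [
    ("2008-05-01T09:00:00", "10.1.20.15", "10.1.100.5", 1433),   # DB server in the sensitive subnet
    ("2008-05-01T09:05:00", "10.1.20.16", "192.0.2.50", 6881),   # common BitTorrent port
    ("2008-05-01T09:07:00", "10.1.20.17", "10.1.100.20", 443),   # sensitive subnet, permitted group
    ("2008-05-01T02:00:00", "10.1.20.15", "10.1.100.5", 1433),   # same IP, earlier lease, other host
]
# DHCP lease history: (ip, mac, lease_start, lease_end). 10.1.20.15 was reissued,
# so the lookup must honour the flow's timestamp, not just the IP.
LEASES = [
    ("10.1.20.15", "00:11:22:33:44:aa", "2008-05-01T00:00:00", "2008-05-01T06:00:00"),
    ("10.1.20.15", "00:11:22:33:44:55", "2008-05-01T08:00:00", "2008-05-01T20:00:00"),
    ("10.1.20.16", "00:11:22:33:44:66", "2008-05-01T08:00:00", "2008-05-01T20:00:00"),
    ("10.1.20.17", "00:11:22:33:44:77", "2008-05-01T08:00:00", "2008-05-01T20:00:00"),
]
# Directory data (constructed): which account logged on from which MAC, and group membership.
LOGONS = {"00:11:22:33:44:aa": "a.smith", "00:11:22:33:44:55": "c.jones",
          "00:11:22:33:44:66": "b.lee", "00:11:22:33:44:77": "a.smith"}
GROUPS = {"c.jones": {"Contractors"}, "b.lee": {"Employees"}, "a.smith": {"Employees", "Finance"}}

SENSITIVE = ip_network("10.1.100.0/24")   # policy: contractors may not reach this subnet
P2P_PORTS = set(range(6881, 6890))        # policy: P2P is not allowed for anyone


def user_for(ip, ts):
    """Resolve an IP at a point in time to a user: DHCP lease -> MAC -> logon record."""
    t = datetime.fromisoformat(ts)
    for lease_ip, mac, start, end in LEASES:
        if lease_ip == ip and datetime.fromisoformat(start) <= t <= datetime.fromisoformat(end):
            return LOGONS.get(mac)
    return None


def evaluate(flows):
    """Return (timestamp, user, rule) alerts for flows that violate policy."""
    alerts = []
    for ts, src, dst, dport in flows:
        user = user_for(src, ts) or "unknown"
        groups = GROUPS.get(user, set())
        if dport in P2P_PORTS:
            alerts.append((ts, user, "p2p-traffic"))
        if ip_address(dst) in SENSITIVE and "Contractors" in groups:
            alerts.append((ts, user, "contractor-sensitive-access"))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(FLOWS):
        print(alert)
```

The fourth flow hits the same IP and server as the first but falls inside the earlier lease, so it attributes to an employee in the Finance group and produces no alert.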

Network Behavior Analysis Rolling Review
The Invitation

To be eligible for this Rolling Review, products must perform behavioral analysis of network traffic by monitoring through direct packet capture and network flow data. Entries should support at least NetFlow, IPFIX, and sFlow. Testing scenarios will include both a production network and a lab environment. We will assess products based on:

  • Network performance reporting; detection and classification of malicious behavior; host and server discovery; and alerting on unauthorized traffic as defined by policy, such as P2P and instant messaging.
  • Management and configuration, including the ability to integrate with existing network and security systems.
  • Extended feature set, including application awareness (Layer 7 decoding), identity management, remediation capabilities, and troubleshooting.
  • Reporting through dashboard, integration with SIEM, and other methods.
  • Price as tested.

The Test Bed

We'll test NBA systems in our University of Florida Real-World Labs, using testing gear from Network Critical, by sending NetFlow traffic from core routers and switches in a production network. For direct packet capture, we'll connect a SPAN port to one core router, and we'll evaluate identity awareness using Microsoft Active Directory and several hosts running Windows XP and Vista. Test traffic will be generated by infecting machines with live malware, sharing and downloading files through P2P apps, and using IM software.

The Vendors

Arbor Networks, Lancope, Mazu Networks, NetQoS, Q1 Labs, and Sourcefire. For consideration, contact the author.

THE PREMISE

InformationWeek's Rolling Reviews present a comprehensive look at a hot technology category, beginning with market analysis and wrapping up with a synopsis of our findings.