A company that offers software to scan computer networks for trouble is adding analytics capabilities to better determine the source of that trouble. Narus has upgraded its NarusInsight Solution for Cyber Protection and added NarusInsight Solution for Cyber Analytics for deeper analysis of network anomalies.
The volume of data coursing through the Internet and corporate networks is expected to quadruple over just the next few years, and enterprises need to watch that traffic for anomalies such as security threats, as well as to manage the efficiency of those networks, says Greg Oslan, CEO of Narus, a wholly owned subsidiary of aircraft builder The Boeing Co. (Boeing acquired Narus in 2010.) Other network monitoring technology sees just a portion of the traffic while Narus watches traffic down to the application layer.
"The amount of traffic flowing is growing … but the amount of visibility into that traffic is decreasing because every new application that someone writes or delivers doesn’t immediately have a signature," Oslan says. "One of the benefits of Narus is that we see all of that traffic and are able to put meaning and context to all of that."
The newly updated Cyber Protection application detects anomalous and potentially malicious traffic, and alerts network operators to the changes in behavior that signify a possible attack or other network disruption. It can detect the presence of bots on the network as well as exfiltration, the removal of sensitive data from the network.
Like other network monitoring tools, Cyber Protection detects advanced persistent threats (APTs) that are high-volume attacks, but Narus also detects "low and slow" threats where malicious code sits quietly on a network for weeks or months before being activated. "Because we’re so deep in the network, and we do see all the traffic all the time, we’re able to now pick out some of those nuances," says Neil Harrington, director of product management for Narus.
While Cyber Protection identifies anomalies, the new Cyber Analytics tool determines the cause or source of network anomalies for faster investigation of those threats by network administrators. It uses mathematical formulas to study the traffic both at rest, such as in storage, and in motion while traveling across the network.
"Let’s dig into that traffic and analyze and understand everything we can about that anomaly so that it can be then mitigated and remediated so that it doesn’t happen again," says Oslan.
The Cyber Analytics tool studies petabytes of data traffic but condenses the results to mere gigabytes to give administrators only the most pertinent results. "That’s a big difference for the end user because the analyst’s problem is not too little information, it’s too much information," he adds.