The challenges that the Network Profiling service address:
• The challenge of effectively providing "Anomaly based intrusion detection".
• The challenge of maintaining a "Graphical overview of your network".
Although signature based intrusion detection protects from most common attacks, many intrusions go undetected by commercial IDS/IPS systems. These intrusions can often only be detected by investigating anomalies that occur in your network.
Typically these intrusions result in some form of abnormal network behavior, such as the company webserver suddenly making outbound access attempts towards the Internet. The anomalies triggered by a compromised system will be different for different networks.
By visualizing the traffic patterns of your network, Network Profiling will make it easy to define network flows that are expected. This is known as profiling, where expected traffic flows are collected and summarized as stable profiles. This enables effective exception monitoring of selected or entire parts of your network by labeling profiles as "locked". Any anomalies will be detected and reported instantly.
The visual overviews will also highlight and clearly show remote site dependencies, such as partner VPN-connections.
The service provides:
• 24/7 monitoring for security anomalies
• Graphical representation of selected network segments
• Ability to track policy enforcement
• Reduced risk of data leakage
• Well-defined content for the services specified in the SLA (Service Level Agreement)