Corporate networks are increasingly the targets of massive virus attacks. These malicious attacks often bring corporate networks down, leading to lost business days. Network-dependent enterprises can't afford to suffer such attacks, as the financial implications are quite high. A sound tool that lets you detect the onset of any virus or worm attack instantly is well in order.
A network engineer observes anomalous peaks in network load at the start of the business day. He views the traffic report and observes spikes in the traffic pattern.
He suspects a possible worm attack that is known to be affecting computer networks elsewhere. To confirm his suspicion, he views the Troubleshoot report in NetFlow Analyzer.
He finds unusually high traffic on UDP port 1434, which is characteristic of a SQL Slammer Virus attack. Now he can drill down to see the IP addresses from which this attack is originating and also the list of IP addresses that are infected.
He can now block the source of this attack and then proceed to apply the appropriate patch on the infected IPs.
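The drill-down in the scenario above, sketched as an added Python example (not NetFlow Analyzer's code or output): it ranks destination ports by flow count, then for UDP 1434 separates hosts fanning out to many destinations from the hosts they contacted. The flow records, the tuple layout and the `min_fanout` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic):
# (src_ip, dst_ip, protocol, dst_port, packets, bytes)
FLOWS = (
    [("10.0.1.15", "10.0.2.%d" % i, "UDP", 1434, 1, 404) for i in range(1, 41)]
    + [("10.0.2.7", "10.0.3.%d" % i, "UDP", 1434, 1, 404) for i in range(1, 26)]
    + [
        ("10.0.1.20", "10.0.9.5", "TCP", 443, 12, 9000),
        ("10.0.1.21", "10.0.9.5", "TCP", 443, 10, 7500),
        ("10.0.1.22", "10.0.9.8", "UDP", 53, 2, 180),
        ("10.0.1.30", "10.0.9.9", "UDP", 1434, 1, 120),  # one-off, not a scan
    ]
)


def flows_per_port(flows):
    """Count flows per (protocol, dst_port), busiest port first."""
    counts = defaultdict(int)
    for _src, _dst, proto, dport, _pkts, _bytes in flows:
        counts[(proto, dport)] += 1
    return sorted(counts.items(), key=lambda kv: kv[1], reverse=True)


def drill_down(flows, proto, dport, min_fanout=10):
    """Split hosts on one port into scanning sources and contacted targets.

    min_fanout is an assumed threshold: a source must reach at least this
    many distinct destinations on the port to be treated as scanning.
    """
    fanout = defaultdict(set)
    for src, dst, p, port, _pkts, _bytes in flows:
        if p == proto and port == dport:
            fanout[src].add(dst)
    sources = {s: len(d) for s, d in fanout.items() if len(d) >= min_fanout}
    targets = set()
    for s in sources:
        targets |= fanout[s]
    # Hosts that were contacted and are now scanning themselves: patch first.
    spreading = sorted(set(sources) & targets)
    return sources, targets, spreading


if __name__ == "__main__":
    print("Top port:", flows_per_port(FLOWS)[0])
    sources, targets, spreading = drill_down(FLOWS, "UDP", 1434)
    print("Block these sources:", sources)
    print("Hosts contacted:", len(targets), "already spreading:", spreading)
```

The sources are the candidates for blocking, and the contacted hosts are the list to check for the missing patch.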
NetFlow Analyzer helps network managers to quickly identify the cause of attacks and take immediate corrective action to contain any possible damage.
The Advanced Security Analytics Module is a network-flow-based security analytics and anomaly detection tool. It helps detect zero-day network intrusions using the state-of-the-art Continuous Stream Mining Engine™ technology, and classifies the intrusions so that network security threats can be tackled in real time.