Network behavior anomaly detection

Network behavior anomaly detection (NBAD) is a security technique that provides network security threat detection. It is a complementary technology to systems that detect security threats based on packet signatures.

NBAD is the continuous monitoring of a network for unusual events or trends. NBAD is an integral part of network behavior analysis (NBA), which offers security in addition to that provided by traditional anti-threat applications such as firewalls, intrusion detection systems, antivirus software and spyware-detection software.

Description

Most security monitoring systems use a signature-based approach to detect threats. They monitor packets on the network and look for patterns that match a database of signatures representing previously identified, known security threats. NBAD-based systems are particularly helpful in two situations where signature-based systems cannot detect a threat: (i) new, zero-day attacks for which no signature exists yet, and (ii) when the threat traffic is encrypted, such as the command-and-control channel of certain botnets. In the encrypted case the payload is opaque to a signature engine, but the behaviour of the traffic (its volume, timing, destinations and protocol mix) remains observable and can still be compared against a baseline.

An NBAD program tracks critical network characteristics in real time and generates an alarm if a strange event or trend is detected that could indicate the presence of a threat. Large-scale examples of such characteristics include traffic volume, bandwidth use and protocol use.

NBAD solutions can also monitor the behavior of individual network subscribers. For NBAD to be optimally effective, a baseline of normal network or user behavior must be established over a period of time. Once certain parameters have been defined as normal, any departure from one or more of them is flagged as anomalous. Two practical consequences follow: the baseline period must itself be clean, because activity already present while the baseline is learned (an existing compromise, for example) will be treated as normal; and the baseline must be maintained, because legitimate changes to the network will otherwise produce false positives until it is relearned.

NBAD techniques are applied in a number of network and security monitoring domains, including: (i) log analysis, (ii) packet inspection systems, (iii) flow monitoring systems and (iv) route analytics.

NBAD has also been described as outlier detection, novelty detection, deviation detection and exception mining.
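The baseline-then-deviation approach described above, shown as an added example that is not code from the article or from any product it names. Flow records are constructed tuples standing in for a NetFlow/IPFIX export; the 300-second bucket, the per-feature sigma floors, the 3-sigma threshold and the minimum-history rule are assumptions chosen for illustration. The training window is assumed to be clean, which is exactly the caveat noted above: whatever is present while the baseline is learned becomes "normal".

```python
"""Baseline-and-deviation check over constructed flow records.

Added example, not code from the original article or from any product it
names. Each record is a (timestamp, src_ip, dst_ip, dst_port, proto, bytes)
tuple standing in for a NetFlow/IPFIX export; the bucket size, sigma floors
and 3-sigma threshold are assumptions chosen for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

BUCKET_SECONDS = 300                      # assumption: one observation per host per 5 min
Z_THRESHOLD = 3.0                         # assumption: flag departures beyond 3 sigma
MIN_SAMPLES = 6                           # do not score a host with too little history
SIGMA_FLOOR = {"bytes": 1024.0, "dsts": 1.0}  # assumption: keeps a constant series from
                                              # turning every tiny change into an alert


def bucket(records, bucket_seconds=BUCKET_SECONDS):
    """Aggregate records into {src_ip: {bucket_idx: {"bytes": n, "dsts": set()}}}."""
    obs = defaultdict(lambda: defaultdict(lambda: {"bytes": 0, "dsts": set()}))
    for ts, src, dst, _dport, _proto, nbytes in records:
        b = obs[src][ts // bucket_seconds]
        b["bytes"] += nbytes
        b["dsts"].add(dst)
    return obs


def build_baseline(records):
    """Learn per-host (mean, stddev) of bytes and of distinct destinations per
    bucket. The training window is assumed clean: anything present here,
    including an existing compromise, becomes 'normal'."""
    baseline = {}
    for src, buckets in bucket(records).items():
        if len(buckets) < MIN_SAMPLES:
            continue
        byte_series = [b["bytes"] for b in buckets.values()]
        dst_series = [len(b["dsts"]) for b in buckets.values()]
        baseline[src] = {
            "bytes": (mean(byte_series), pstdev(byte_series)),
            "dsts": (mean(dst_series), pstdev(dst_series)),
        }
    return baseline


def zscore(value, stats, floor):
    mu, sigma = stats
    return (value - mu) / max(sigma, floor)


def detect(records, baseline, z_threshold=Z_THRESHOLD):
    """Return (src_ip, bucket_idx, feature, value, z) for each observation that
    departs from the host's baseline by more than z_threshold. Hosts with no
    baseline are reported as 'unbaselined' rather than silently ignored."""
    alerts = []
    for src, buckets in bucket(records).items():
        if src not in baseline:
            alerts.append((src, None, "unbaselined", None, None))
            continue
        for idx, b in sorted(buckets.items()):
            for feature, value in (("bytes", b["bytes"]), ("dsts", len(b["dsts"]))):
                z = zscore(value, baseline[src][feature], SIGMA_FLOOR[feature])
                if abs(z) > z_threshold:
                    alerts.append((src, idx, feature, value, round(z, 2)))
    return alerts


# Constructed data: an hour of 'normal' traffic, then a window containing an
# outbound bulk transfer and an internal sweep from the same host, plus a
# host that never appeared during training.
_SIZES = [41_000, 44_000, 39_500, 46_000, 42_500, 40_000,
          45_500, 43_000, 41_500, 44_500, 40_500, 42_000]
TRAINING_WINDOW = []
for _i, _size in enumerate(_SIZES):
    _ts = _i * BUCKET_SECONDS
    TRAINING_WINDOW.append((_ts + 10, "10.0.0.5", "10.0.1.20", 443, "tcp", _size // 2))
    TRAINING_WINDOW.append((_ts + 70, "10.0.0.5", "10.0.1.21", 445, "tcp", _size - _size // 2))

DETECTION_WINDOW = [
    (3610, "10.0.0.5", "10.0.1.20", 443, "tcp", 21_250),
    (3670, "10.0.0.5", "10.0.1.21", 445, "tcp", 21_250),
    (3700, "10.0.0.5", "203.0.113.7", 443, "tcp", 900_000),   # volume spike to an outside host
    (3650, "10.0.0.99", "10.0.1.20", 443, "tcp", 5_000),      # host never seen in training
    (3910, "10.0.0.5", "10.0.1.20", 443, "tcp", 21_250),
    (3970, "10.0.0.5", "10.0.1.21", 445, "tcp", 21_250),
] + [(3920 + i, "10.0.0.5", f"10.0.2.{i}", 445, "tcp", 60) for i in range(1, 41)]  # sweep

if __name__ == "__main__":
    for alert in detect(DETECTION_WINDOW, build_baseline(TRAINING_WINDOW)):
        print(alert)
```

The sweep bucket is caught on the distinct-destination feature even though its byte count is unremarkable, and the transfer bucket is caught on volume even though its destination count barely moves; scoring several independent features per host is what makes either event visible. The unbaselined host is surfaced as its own finding because a host with no history is precisely the case a scoring rule would otherwise skip.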
Popular threat detections within NBAD

Payload Anomaly Detection (packet contents that do not fit the expected structure of the protocol on that port)
Protocol Anomaly: MAC Spoofing
Protocol Anomaly: IP Spoofing
Protocol Anomaly: TCP/UDP Fanout (one source opening connections to an unusually large number of distinct ports)
Protocol Anomaly: IP Fanout (one source contacting an unusually large number of distinct hosts)
Protocol Anomaly: Duplicate IP (one IP address claimed by more than one MAC address)
Protocol Anomaly: Duplicate MAC (one MAC address sending as more than one IP address)
Virus Detection
Bandwidth Anomaly Detection
Connection Rate Detection (the number of new connections a host opens per unit time departs from its baseline)
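Most of the detections listed above are cardinality or rate checks over a short window, so one pass over the records can feed all of them. The following is an added example, not code from the article or from any product it lists; the record layout, the one-minute window, the gateway exclusion and every threshold are assumptions for illustration. It covers TCP/UDP fanout, IP fanout, duplicate IP, duplicate MAC and connection rate. Payload anomaly and virus detection need packet content and are not shown.

```python
"""Protocol-anomaly and connection-rate checks over constructed records.

Added example, not code from the original article or from any product it
names. Each record is a (timestamp, src_mac, src_ip, dst_ip, dst_port, proto)
tuple such as a sensor on an access-layer segment could build from observed
frames; the window length and all thresholds are assumptions for illustration.
"""
from collections import defaultdict

WINDOW_SECONDS = 60          # assumption: evaluate each detector per one-minute window
IP_FANOUT_LIMIT = 20         # assumption: distinct destination IPs per source per window
PORT_FANOUT_LIMIT = 15       # assumption: distinct (proto, port) per source/destination pair
CONNECTION_RATE_LIMIT = 100  # assumption: new flows per source per window
GATEWAY_MACS = {"00:00:5e:00:01:01"}  # assumption: a router legitimately forwards frames for
                                      # many source IPs, so it is excluded from duplicate-MAC


def check_window(recs):
    """Run the five detectors over one window and return (detector, subject, count)
    findings. Every detector is a cardinality or rate check, so the same pass
    over the records feeds all of them."""
    dst_ips = defaultdict(set)      # src_ip    -> distinct dst_ip          (IP fanout)
    dst_ports = defaultdict(set)    # (src,dst) -> distinct (proto, port)   (TCP/UDP fanout)
    flows = defaultdict(int)        # src_ip    -> flow count               (connection rate)
    macs_for_ip = defaultdict(set)  # src_ip    -> MACs claiming it         (duplicate IP)
    ips_for_mac = defaultdict(set)  # src_mac   -> IPs it has sent as       (duplicate MAC)
    for _ts, smac, sip, dip, dport, proto in recs:
        dst_ips[sip].add(dip)
        dst_ports[(sip, dip)].add((proto, dport))
        flows[sip] += 1
        macs_for_ip[sip].add(smac)
        ips_for_mac[smac].add(sip)

    findings = []
    findings += [("ip_fanout", sip, len(s)) for sip, s in dst_ips.items()
                 if len(s) > IP_FANOUT_LIMIT]
    findings += [("port_fanout", f"{sip}->{dip}", len(s)) for (sip, dip), s in dst_ports.items()
                 if len(s) > PORT_FANOUT_LIMIT]
    findings += [("connection_rate", sip, n) for sip, n in flows.items()
                 if n > CONNECTION_RATE_LIMIT]
    # One IP answered for by two MACs is the classic ARP-spoofing / address-conflict symptom.
    findings += [("duplicate_ip", sip, len(m)) for sip, m in macs_for_ip.items() if len(m) > 1]
    # One MAC sourcing several IPs is MAC-layer impersonation, unless the MAC is a gateway.
    findings += [("duplicate_mac", mac, len(ips)) for mac, ips in ips_for_mac.items()
                 if len(ips) > 1 and mac not in GATEWAY_MACS]
    return findings


def detect(records, window_seconds=WINDOW_SECONDS):
    """Group records into fixed windows and return {window_idx: findings} for the
    windows that produced at least one finding."""
    grouped = defaultdict(list)
    for r in records:
        grouped[r[0] // window_seconds].append(r)
    result = {}
    for idx in sorted(grouped):
        findings = check_window(grouped[idx])
        if findings:
            result[idx] = findings
    return result


# Constructed data. Window 0 is ordinary traffic; window 1 holds one event per detector.
_MAC5, _MAC7 = "aa:bb:cc:00:00:05", "aa:bb:cc:00:00:07"
_MAC8, _MAC9 = "aa:bb:cc:00:00:08", "aa:bb:cc:00:00:09"
_ROGUE = "de:ad:be:ef:00:01"
SAMPLE_RECORDS = [
    (5, _MAC5, "10.0.0.5", "10.0.1.20", 443, "tcp"),
    (9, _MAC5, "10.0.0.5", "10.0.1.21", 445, "tcp"),
    (12, "aa:bb:cc:00:00:06", "10.0.0.6", "10.0.1.20", 443, "tcp"),
    (65, _MAC5, "10.0.0.5", "10.0.1.20", 443, "tcp"),
    (66, _ROGUE, "10.0.0.5", "10.0.1.20", 443, "tcp"),   # rogue MAC claims 10.0.0.5 (duplicate IP)
    (67, _ROGUE, "10.0.0.6", "10.0.1.20", 443, "tcp"),   # same rogue MAC sends as 10.0.0.6 (duplicate MAC)
]
SAMPLE_RECORDS += [(70, _MAC7, "10.0.0.7", "10.0.1.20", p, "tcp") for p in range(1, 31)]       # port sweep of one host
SAMPLE_RECORDS += [(80, _MAC8, "10.0.0.8", f"10.0.2.{i}", 445, "tcp") for i in range(1, 26)]  # one port, many hosts
SAMPLE_RECORDS += [(90, _MAC9, "10.0.0.9", "10.0.1.30", 53, "udp") for _ in range(120)]       # burst of flows

if __name__ == "__main__":
    for idx, findings in detect(SAMPLE_RECORDS).items():
        for f in findings:
            print(idx, *f)
```

The duplicate-MAC rule is the one that most needs a site-specific exclusion: a router or NAT gateway legitimately sources frames for many IP addresses, so without the gateway exclusion the check fires on every segment that has one. The fanout and rate thresholds should likewise be derived from the observed baseline of each segment rather than fixed, which is the link back to the baseline discussion in the Description section.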
Commercial products

Palo Alto Networks – Cortex XDR
Darktrace – AI Enterprise Immune System | Antigena Autonomous Response
Allot Communications – Allot Communications DDoS Protection
Arbor Networks – NSI (Arbor Network Security Intelligence)
Cisco – Stealthwatch (formerly Lancope StealthWatch)
IBM – QRadar (since 2003)
Enterasys Networks – Enterasys Dragon
Exinda – Inbuilt (Application Performance Score (APS), Application Performance Metric (APM), SLA, and Adaptive Response)
ExtraHop Networks – Reveal(x)
Flowmon Networks – Flowmon ADS
FlowNBA – NetFlow
Juniper Networks – STRM
Lastline
McAfee – McAfee Network Threat Behavior Analysis
HP ProCurve – Network Immunity Manager
Riverbed Technology – Riverbed Cascade
Sourcefire – Sourcefire 3D
Symantec – Symantec Advanced Threat Protection
GREYCORTEX – Mendel (formerly TrustPort Threat Intelligence)
Vectra AI
ZOHO Corporation – ManageEngine NetFlow Analyzer's Advanced Security Analytics Module
Microsoft Corp – Windows Defender ATP and Advanced Threat Analytics
Vehere – PacketWorker Network Detection and Response

See also

User behavior analytics
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.