Network Perimeter Analytics allows the collection and processing of huge amounts of network log data, looking for the “needle in the haystack” by analyzing behavior and identifying suspicious and out-of-the-ordinary communications.
Combining the Big Data analytic capabilities of Elastic and Spark/Hadoop with the real-time correlation strength of the SIEM engine, the framework provides 24x7x365 actionable intel for any security or compliance requirement.
With Network Perimeter Analytics, all network traffic reaching or leaving the customer perimeter or a sensitive network segment (e.g. Cardholder Data Environment, Industrial Control Systems) is monitored and a “Gold Standard” behavior mapping is carefully developed. This baseline is then applied to analytically evaluate:
- Network administrators' ACL management errors that may leave the whole perimeter unprotected
- “Dangling” access lists left behind by unimplemented access-revocation requests
- Maliciously performed configuration changes
- Inbound connection trends to open services from suspicious or malicious sources (based on OSI Threat Intelligence)
- Abnormal egress activity (worm outbreak, data leakage, DNS tunnels, peer-to-peer activity)
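The baseline-then-deviation idea behind the “Gold Standard” mapping, as an added example that is not the framework's own code: permitted flows are learned from a window of constructed firewall-style log lines, and permitted flows outside that baseline are then flagged, which is where ACL mistakes, dangling rules and unusual egress surface. The line format, the addresses and the 10.1.1.0/24 protected segment are assumptions made for the example.

```python
# Constructed sample data: a "gold standard" learning window followed by
# traffic under evaluation. Line format (invented for this example):
# "<time> <src> <dst> <dport> <proto> <action>"
BASELINE_LOGS = """\
09:00:01 10.1.1.5 203.0.113.9 443 tcp allow
09:00:02 10.1.1.6 203.0.113.9 443 tcp allow
09:00:03 10.1.1.5 10.1.1.53 53 udp allow
09:00:04 198.51.100.7 10.1.1.80 443 tcp allow
"""
NEW_LOGS = """\
10:00:01 10.1.1.5 203.0.113.9 443 tcp allow
10:00:02 10.1.1.9 192.0.2.44 6881 tcp allow
10:00:03 198.51.100.200 10.1.1.80 3389 tcp allow
10:00:04 10.1.1.5 10.1.1.53 53 udp allow
10:00:05 198.51.100.200 10.1.1.80 22 tcp deny
"""
INTERNAL_PREFIX = "10.1.1."  # the protected segment (assumption)


def parse(text):
    """Split log lines into dicts; dport becomes an int."""
    rows = []
    for line in text.splitlines():
        ts, src, dst, dport, proto, action = line.split()
        rows.append({"ts": ts, "src": src, "dst": dst,
                     "dport": int(dport), "proto": proto, "action": action})
    return rows


def flow_key(r):
    """Direction relative to the perimeter plus the service reached: egress is
    keyed on the external destination, ingress on the exposed internal service."""
    src_in = r["src"].startswith(INTERNAL_PREFIX)
    dst_in = r["dst"].startswith(INTERNAL_PREFIX)
    direction = "internal" if src_in == dst_in else ("egress" if src_in else "ingress")
    return (direction, r["dst"], r["dport"], r["proto"])


def learn_baseline(rows):
    """Gold standard: every permitted flow seen during the learning window."""
    return {flow_key(r) for r in rows if r["action"] == "allow"}


def find_deviations(baseline, rows):
    """Permitted flows outside the baseline: candidates for ACL mistakes,
    dangling rules, or abnormal egress (here a newly exposed 3389 and a P2P port)."""
    return [(flow_key(r)[0], r["src"], r["dst"], r["dport"])
            for r in rows if r["action"] == "allow" and flow_key(r) not in baseline]
```

Denied connections are skipped on purpose: only traffic the perimeter actually let through can reveal an ACL error, so the deny on port 22 is not a finding here.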