NBAD AI based
Network behavior anomaly detection (NBAD) is the real-time monitoring of a network for any unusual activity, trends or events. NBAD tools are used as additional threat detection tools to monitor network activities and generate general alerts that often require further evaluation by the IT team. The systems have the ability to detect threats and stop suspicious activities in situations where traditional security software is ineffective. Additionally, the tools suggest which suspicious activities or events require further analysis.
The three major components of network behavior monitoring are the traffic flow patterns, the network performance data and the passive traffic analysis. Together, these allow an organization to detect threats such as:
Inappropriate network behavior — The tools detect unauthorized applications, anomalous network activity, or applications using unusual ports. Once such activity is detected, the protection system may be used to identify and automatically disable the user account associated with it.
Data exfiltration — The tools monitor outbound communications data and trigger an alarm when suspiciously large data transfers are detected. The system could further identify the destination application, if it is cloud-based, to determine whether the transfer is legitimate or a case of data theft.
Hidden malware — Detects advanced malware which may have evaded the perimeter security protection and infiltrated the organization/corporate network.
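The data exfiltration check described above can be sketched as a per-host baseline of daily outbound volume, scored with a robust z-score (median and MAD). This is an added example, not code from any NBAD product; the flow record layout, hosts, destinations, volumes and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

MIN_HISTORY = 5   # days of baseline required before a host is scored (assumed)
THRESHOLD = 6.0   # robust z-score above which a day is flagged (assumed)

def _series(host, dst, volumes):
    """Build constructed flow records: (day, host, destination, outbound bytes)."""
    return [(day, host, dst, mb * 1_000_000) for day, mb in enumerate(volumes, 1)]

# Constructed sample data; hosts, destinations and volumes are invented.
FLOWS = (
    _series("10.0.0.5", "files.example.com", [48, 52, 50, 47, 55, 51, 49])
    + _series("10.0.0.9", "backup.example.net", [5, 6, 5, 5, 6, 6, 5])
    + [(8, "10.0.0.5", "files.example.com", 53_000_000),     # ordinary day
       (8, "10.0.0.9", "upload.example.org", 900_000_000),   # sudden large upload
       (8, "10.0.0.77", "files.example.com", 1_000_000)]     # host without baseline
)

def robust_z(value, history):
    """Score value against history using median and MAD, which resist outliers."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 scales MAD to a standard deviation for normally distributed data.
    # Floor the spread so a flat baseline (MAD == 0) cannot divide by zero.
    spread = max(1.4826 * mad, 0.05 * med, 1.0)
    return (value - med) / spread

def detect(flows, day):
    """Return {host: (verdict, score, top destination)} for the given day."""
    totals = defaultdict(lambda: defaultdict(int))   # host -> day -> bytes
    by_dst = defaultdict(lambda: defaultdict(int))   # host -> dst -> bytes on `day`
    for d, host, dst, nbytes in flows:
        totals[host][d] += nbytes
        if d == day:
            by_dst[host][dst] += nbytes
    results = {}
    for host, per_day in totals.items():
        if day not in per_day:
            continue
        top_dst = max(by_dst[host], key=by_dst[host].get)
        history = [v for d, v in per_day.items() if d < day]
        if len(history) < MIN_HISTORY:
            results[host] = ("no-baseline", None, top_dst)
            continue
        score = robust_z(per_day[day], history)
        verdict = "alert" if score > THRESHOLD else "ok"
        results[host] = (verdict, round(score, 1), top_dst)
    return results
```

Calling `detect(FLOWS, day=8)` flags only the host whose upload is far outside its own history, and reports the destination that received the most bytes so an analyst can judge whether the transfer is legitimate.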