Better Visibility for More Efficient Compliance
By Charles Kaplan, Chief Security Strategist, Mazu Networks

Network Behavior Analysis (NBA) systems entered the technology marketplace primarily as security offerings, but savvy organizations have realized that the visibility and reporting capabilities these systems provide can also be put to work for regulatory compliance.

Because regulations have many requirements in common, the following sections highlight some of the activities where NBA systems can improve the efficiency of compliance efforts.

Document the Network and Identify Risks/Vulnerabilities

NBA systems provide visibility into a broad spectrum of network activity, including which services and applications are in use, who is using them, and how those systems are accessed. The visibility that NBA systems provide helps identify risks and vulnerabilities, such as use of insecure protocols or suspicious connections to protected servers. An NBA system will identify not just known network elements, but also unauthorized implementations and communications.

Protect Data/Systems from Untrusted or Inappropriate Access

NBA systems continually monitor the behavior of systems, applications and users in the network, comparing real-time activity with baselines and defined policies, to identify suspicious or inappropriate access. Suspicious activities may include the "wrong" person accessing a system (such as a developer touching a production system), an insecure protocol (such as telnet to access a PCI server), or an inappropriate data transfer (such as EU-based personal data being sent to a server in the U.S.).

Monitor for Security Breaches

NBA systems monitor for malware such as worms, Trojan horses, viruses, and other hostile content. Because NBA systems are behavior-based, they can identify zero-day attacks for which there is no signature yet. Whether the malware enters the network through a zero-day attack, someone walking in with an infected laptop, or through an unofficial and therefore unpatched Web or email server, the NBA system alerts personnel, pinpoints the attack, and quarantines the infected devices.

Respond to Incidents

NBA systems help companies respond more effectively. Impact forecasting enables responders to understand the impact of the proposed response to ensure that critical systems aren't needlessly disrupted. Real-time mitigation plans show how to use the network infrastructure to quarantine affected systems. NBA systems can even deliver mitigation directly through the network.

Provide Reports and Audit Trails

NBA systems enable businesses to report on virtually any aspect of internal network activity. Whether a snapshot of current activity is needed, or a complete audit trail of historical connections for a specific host, the reporting and audit trail capabilities of NBA systems greatly reduce the effort to respond to auditors' requests.

Optimize Security Policies

NBA systems can model security policies and forecast the effect that changes will have on the network. This enables companies to define controls that are tight enough to meet regulatory requirements without blocking legitimate traffic.

For more information about Mazu Networks and NBA, visit www.mazunetworks.com.