FOR, by Adam Powers, director of technology, Lancope

Network Behavior Analysis (NBA) systems excel at detecting and mitigating worms, viruses and other malware.

NBA systems leverage NetFlow/sFlow from existing network infrastructure to simultaneously analyze hundreds of network points without requiring additional hardware at each monitoring location -- creating end-to-end network visibility.

Because NBA systems analyze packet payload and are primarily driven by host relationships, statistical analysis and behavioral modeling, they are not burdened with inspection and pattern-matching for every packet.

NBA systems are "infrastructure aware" in that once worms/viruses hit the network, NBA appliances know exactly what router/port to disable or where to install an ACL to quarantine the worm or virus.

Easy to deploy, cost-effective and a proven defense against new and undocumented attacks, NBA systems are integral for IT organizations looking to detect and respond quickly to network-debilitating outbreaks.

AGAINST, by Matt Miller, vice president of engineering, CounterStorm

Network behavioral anomaly detection (NBAD) is not the most effective solution for stopping worms and viruses.

In much the same way that intrusion detection systems (IDS) evolved to provide attack mitigation at the network perimeter in the form of intrusion prevention systems (IPS), NBADs must evolve into a viable security solution for the network interior. Today's NBADs need constant tuning and maintenance and produce volumes of data. This requires network experts to filter out high numbers of false positives to derive any actionable information.

Many enterprises buy NBADs for their claimed security benefits, but in the end use them as decision support tools for network monitoring and operations. When NBADs are expected to provide real-time containment of actual security incidents, such as worm outbreaks, they continually fall short.

A true internal network security solution needs to correlate evidence from several best-of-breed engines, where anomaly detection should play a supporting, but not leading role.
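To make the behavioral approach both sides are arguing about concrete (flow-record analysis of host relationships from the FOR piece, and the false-positive tuning burden from the AGAINST piece), here is a small worm-outbreak detector over NetFlow-style records. It is an added example written for this page, not code from Lancope or CounterStorm; the flow records, the thresholds and the exempt-list mechanism are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
import statistics

SYN = 0x02          # TCP flag bits as exported in a NetFlow "tcp_flags" field
ESTABLISHED = 0x1b  # SYN+ACK+PSH+FIN seen: a completed session

@dataclass(frozen=True)
class Flow:  # one unidirectional flow record (constructed, not a real export)
    src: str
    dst: str
    dport: int
    packets: int
    tcp_flags: int

def fan_out(flows):
    """Per (src, dport): distinct destinations and the share of flows that are a lone
    SYN (one packet, SYN only), i.e. probes of peers that never answered."""
    dsts, lone, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for f in flows:
        k = (f.src, f.dport)
        dsts[k].add(f.dst)
        total[k] += 1
        lone[k] += f.packets == 1 and f.tcp_flags == SYN
    return {k: (len(dsts[k]), lone[k] / total[k]) for k in dsts}

def detect(baseline, window, min_fanout=20, lone_ratio=0.8, z=3.0, exempt=()):
    """Alert on hosts whose fan-out on a port sits far above the per-port baseline
    and whose flows mostly go unanswered; 'exempt' is the tuning knob for known scanners."""
    per_port = defaultdict(list)
    for (_, dport), (n, _) in fan_out(baseline).items():
        per_port[dport].append(n)
    alerts = []
    for (src, dport), (n, ratio) in fan_out(window).items():
        hist = per_port.get(dport, [0])
        mean, sd = statistics.mean(hist), statistics.pstdev(hist)
        if src not in exempt and n >= min_fanout and n > mean + z * sd and ratio >= lone_ratio:
            alerts.append((src, dport, n, round(ratio, 2)))
    return sorted(alerts)

def make_flows():
    """Constructed sample: a quiet baseline hour, then a window holding one
    worm-like host (10.0.0.50) and one authorised vulnerability scanner (10.0.9.9)."""
    baseline = [Flow(f"10.0.0.{h}", f"10.0.1.{s}", 445, 12, ESTABLISHED)
                for h in range(1, 11) for s in (1, 2)]
    window = [Flow("10.0.0.7", f"10.0.1.{s}", 445, 12, ESTABLISHED) for s in (1, 2)]
    window += [Flow("10.0.0.50", f"10.0.1.{s}", 445, 1, SYN) for s in range(1, 61)]
    window += [Flow("10.0.9.9", f"10.0.1.{s}", 445, 1, SYN) for s in range(1, 41)]
    return baseline, window
```

Run untuned, `detect(*make_flows())` flags both the worm-like host and the authorised scanner; passing `exempt={"10.0.9.9"}` is the kind of per-site tuning that separates the real outbreak from the noise.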

Matt Miller

Matt Miller oversees Liongard’s team of product managers, requirements engineers, and design professionals to set and design the company’s product roadmap. Before joining Liongard in 2018, Matt spent over a decade in the managed service provider (MSP) space in Austin, Texas, starting as an engineer before moving to management roles overseeing the project engineering group and account management. As a result, Matt has experience with almost every aspect of the MSP business and the associated challenges, opportunities, and risks. CRN honored Matt as a Channel Chief in 2022. He graduated from the University of Texas at Austin with a Bachelor of Arts in Computer Science.
