How to determine and baseline acceptable traffic and applications


Business Problem

Network and security administrators who are unaware of the traffic flowing in and out of their networks will find it nearly impossible to detect anomalous and potentially malicious network activity. You can't manage and protect what you can't see. Administrators must define a normal network baseline before they can determine whether deviations are malicious threats or merely abnormal flows caused by testing or by employees watching a streaming video of something like the World Cup.


Who is Affected

Chief information security officers (CISOs) and other network administrators are responsible for the health of their organization's network and for protecting it from security threats. Anomalous traffic can warn that network resources are being misused or misappropriated.


Solution

Baselining – establishing normal network and user behavior – helps determine normal and abnormal traffic patterns and discovers authorized network routers, servers and applications consistent with acceptable use policy. During baselining, traffic from routers, servers, and applications is reviewed over specified periods of time and different periods within a day. After these averages are compared, operators gain a clear view of how their network is used.

The algorithms used by NarusInsight Solution for Cyber Protection help network administrators construct normal traffic patterns and inventories among routers, servers, and applications. Reports – such as top applications, top talkers, and inventory maps – help operators see the normal working conditions of their network. Alerts, based on deviations from the norm – set by the operators – help determine whether traffic is malicious or anomalous and pinpoint areas to investigate further. 
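The baselining idea described above, as an added example that is not NarusInsight code and does not represent its algorithms: per-hour averages are built for each application from historical flow summaries, and a later day is checked against an operator-set deviation threshold and the learned application inventory. The record layout, function names, thresholds and all sample values are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_baseline(flows):
    """flows: (day, hour, app, bytes) summaries. Returns {(hour, app): (mean, stdev)}."""
    per_day = defaultdict(lambda: defaultdict(int))
    for day, hour, app, nbytes in flows:
        per_day[(hour, app)][day] += nbytes      # total per day for this hour/app
    return {key: (mean(d.values()), pstdev(d.values())) for key, d in per_day.items()}

def check(baseline, observed, k=3.0, floor=5_000_000):
    """observed: (hour, app, bytes) totals for one day.
    k and floor are the operator-set deviation limits (assumed values)."""
    inventory = {app for _, app in baseline}     # applications seen while baselining
    alerts = []
    for hour, app, nbytes in observed:
        if app not in inventory:
            alerts.append((hour, app, "not-in-inventory"))
        elif (hour, app) not in baseline:
            alerts.append((hour, app, "unusual-hour"))
        else:
            avg, sd = baseline[(hour, app)]
            # The floor keeps a perfectly flat baseline (stdev 0) from alerting on noise.
            if abs(nbytes - avg) > max(k * sd, floor):
                alerts.append((hour, app, "volume-deviation"))
    return alerts

# Constructed history: five days of per-hour application totals.
HISTORY = []
for day in range(1, 6):
    HISTORY += [
        (day, 9, "http", 500_000_000 + day * 10_000_000),
        (day, 9, "smtp", 40_000_000 + day * 1_000_000),
        (day, 2, "http", 20_000_000 + day * 1_000_000),
        (day, 9, "video", 50_000_000),
    ]

# Constructed day under review.
OBSERVED = [
    (9, "http", 545_000_000),    # within the normal morning range
    (9, "video", 900_000_000),   # e.g. a streamed sports event: abnormal, not necessarily malicious
    (2, "smtp", 30_000_000),     # mail traffic at an hour never seen in the baseline
    (9, "irc", 2_000_000),       # application absent from the inventory
]

if __name__ == "__main__":
    for alert in check(build_baseline(HISTORY), OBSERVED):
        print(alert)
```

Each alert only marks where to investigate; deciding whether the deviation is malicious or merely unusual remains the operator's job.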

NarusInsight rule sets and analytical algorithms pinpoint security issues including worms, Trojans, advanced persistent threats and zero-day attacks. Based on the results of that investigation, quick remedial action can be taken.


Credible Evidence


NarusInsight Solution Cyber Protection is used to define a normal network baseline which can then be used to determine abnormal network traffic and behavior at a later date.


Benefits

•  Detects network security breaches through continuous monitoring.
•  Improves network traffic management.
•  Maintains quality of service for network users.
•  Ensures network resource management.