Cyber Defense eMagazine May 2019
Cyber Defense eMagazine May Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Traffic Analysis Engine

These are the workhorses of NTA. Many analytical techniques can be applied, ranging from simple statistical analysis to much more complicated machine-learning-based algorithms. The goal is to identify the applications and services whose traffic patterns exceed the deviation thresholds from the established baselines.

Output Module

As traffic analysis generates logs and alerts, they are presented visually in the user interface so that security analysts and admins can take mitigation actions, such as pushing firewall policies, blocking suspicious hosts or performing traffic control associated with compromised hosts.

NTA technology is critical to cyber security. It provides an effective and powerful tool for gaining insight into real-time network and application traffic, especially east-west network traffic, which is often associated with lateral movement and data exfiltration after an attacker breaches the corporate network. This is critical in detecting post-breach threats, as well as unauthorized activities from inside the corporate network by corporate employees, whether done intentionally or unintentionally.

Hillstone delivers on and helps you understand and act on network traffic analysis

In Gartner’s NTA Market Guide, the Server Breach Detection System (sBDS) from Hillstone Networks was selected by Gartner as the leading product after comprehensive reviews.

The sBDS platform integrates multiple threat detection engines such as Intrusion Prevention System (IPS) and antivirus. Without decrypting SSL/TLS traffic, layer 7 traffic metadata are collected and baselines are established during what is called the learning mode. Subsequently, real-time traffic is continuously monitored and analyzed during what is called the detection mode. Using advanced mathematical algorithms to identify deviations from normal activity, any abnormal activities can be effectively detected and flagged. sBDS also integrates with Hillstone Next Generation Firewalls to add blocking capabilities.

In addition, Hillstone’s NTA solution has self-adaptive capabilities. Any false positives or known exceptions, such as holidays and vacation periods, can be marked and applied to future relearning and analysis, either manually or automatically. The Hillstone NTA solution primarily targets the data center, with many dashboards focused on this use case. It can be deployed inside the corporate network as well as near protected server farms or host groups.
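
The learning-mode and detection-mode cycle described above, including marking a known exception and relearning, can be sketched as follows. This is an added example, not Hillstone's or sBDS's algorithm: the z-score test, the 3-sigma threshold, the class and method names and the sample traffic volumes are all assumptions constructed for illustration.

```python
import statistics

class TrafficBaseline:
    """Per-application byte-count baseline with a learning and a detection phase."""
    def __init__(self, threshold=3.0):
        self.threshold = threshold      # assumed: alert beyond 3 standard deviations
        self.samples = {}               # app -> list of (window, byte_count)
        self.exceptions = set()         # windows marked as known exceptions
        self.stats = {}                 # app -> (mean, stdev)

    def learn(self, window, app, byte_count):
        """Learning mode: record one metadata sample (no payload is inspected)."""
        self.samples.setdefault(app, []).append((window, byte_count))

    def mark_exception(self, window):
        self.exceptions.add(window)     # e.g. a holiday; skipped by relearn()

    def relearn(self):
        """Rebuild every baseline from the samples not marked as exceptions."""
        self.stats = {}
        for app, rows in self.samples.items():
            values = [b for w, b in rows if w not in self.exceptions]
            if len(values) >= 2:
                self.stats[app] = (statistics.mean(values), statistics.stdev(values))

    def score(self, app, byte_count):
        """Detection mode: deviation from the baseline in standard deviations."""
        if app not in self.stats:
            return float("inf")         # no baseline yet: treat as maximally unusual
        mean, stdev = self.stats[app]
        return abs(byte_count - mean) / max(stdev, 1e-9)

    def is_anomalous(self, app, byte_count):
        return self.score(app, byte_count) > self.threshold

# Constructed sample: hourly east-west SMB volume in MB; one window is a holiday.
LEARNING = [("mon-10", 100), ("tue-10", 110), ("wed-10", 95), ("thu-10", 105),
            ("fri-10", 98), ("sat-10", 102), ("holiday-10", 5)]

def demo():
    nta = TrafficBaseline()
    for window, mb in LEARNING:
        nta.learn(window, "smb", mb)
    nta.relearn()
    before = nta.is_anomalous("smb", 160)   # holiday sample widens the spread
    nta.mark_exception("holiday-10")
    nta.relearn()
    after = nta.is_anomalous("smb", 160)    # same transfer, cleaned baseline
    return before, after, nta.is_anomalous("smb", 104)
```

With the holiday window left in the learning data, the 160 MB transfer scores below the threshold and is missed; once that window is marked as an exception and the baseline is relearned, the same transfer is flagged while a normal 104 MB window is not.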

Hillstone’s NTA solution is part of the full Hillstone Networks security and risk mitigation platform, delivering layered protection that allows enterprises to detect abnormal user and application behavior, thereby protecting enterprises from attacks, especially insider threats.