3. Network Flow Analysis
Technologies that monitor network traffic to alert on suspicious activity can help detect internal threats and are increasingly being marketed as a way to uncover advanced threats. They give IT networking security professionals an in-line view of the corporate data flowing through network routers and switches. Tools can capture communication between an infected PC and a botnet command-and-control server.
Applying analytics to network traffic can also help detect threats. RSA's NetWitness platform pulls in network data and adds external threat intelligence feeds and analytics to gain insight into network behavior. It competes head-on with Solera Networks, acquired this year by Blue Coat Systems, which uses a different engine for data analysis. Both platforms have long been favorites of computer forensics investigators, who use them during a breach investigation to trace the scope of a security incident. But the appliances are increasingly being used for near-real-time detection of threats.