Senior Editor Denise Dubie guides you through the latest developments in management tools and services.
The IT security team at Wayne State University in Detroit wanted to get better visibility into the traffic crossing the urban institution's main and satellite locations. With some 33,000 students and 10,000 faculty, staff and employees using the network, which includes 10,000 internal and 50,000 external hosts, the team turned to network behavior analysis (NBA) software from Q1 Labs.
NBA tools monitor and analyze network traffic, looking for abnormalities and patterns that could indicate a zero-day attack, or a server sending too many queries, or one that is trying to connect to the Internet in the middle of the night. The products prove to be another layer of security; in addition to identifying top talkers on the network, NBA technology can help network and security teams detect undocumented vulnerabilities and symptoms of unknown threats before the environment is impacted.
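Two of the behaviours named above, a host sending too many queries and a host connecting to the Internet in the middle of the night, expressed as checks over flow records. This is an added example, not Q1 Labs' code or QRadar's detection logic; the internal address range, the quiet hours, the baseline format, the reading of "queries" as DNS lookups and the sample flows are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")  # assumption: campus address space
QUIET_HOURS = range(1, 5)            # assumption: 01:00-04:59 is "middle of the night"

def analyze(flows, baseline, z_limit=3.0):
    """Return sorted (host, reason) alerts.

    flows:    iterable of (ISO timestamp, src IP, dst IP, dst port) for one interval
    baseline: host -> list of that host's DNS query counts in earlier intervals
    """
    alerts, queries = set(), Counter()
    for ts, src, dst, dport in flows:
        if dport == 53:  # assumption: "queries" are counted as DNS lookups
            queries[src] += 1
        outbound = ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL
        if outbound and datetime.fromisoformat(ts).hour in QUIET_HOURS:
            alerts.add((src, "off-hours external connection"))
    for host, count in queries.items():
        history = baseline.get(host)
        if not history:
            continue  # no baseline yet, so volume cannot be judged
        # Floor the deviation at 1 so a very steady host does not alert on +1 query.
        limit = mean(history) + z_limit * max(pstdev(history), 1.0)
        if count > limit:
            alerts.add((host, "query volume above baseline"))
    return sorted(alerts)

# Constructed sample data (not from the article).
SAMPLE_FLOWS = (
    [(f"2024-01-15T14:00:{i:02d}", "10.1.1.5", "10.0.0.53", 53) for i in range(40)]
    + [(f"2024-01-15T14:05:{i:02d}", "10.1.1.9", "10.0.0.53", 53) for i in range(5)]
    + [("2024-01-15T03:12:00", "10.2.3.4", "203.0.113.10", 443),
       ("2024-01-15T14:30:00", "10.2.3.7", "198.51.100.7", 443)]
)
SAMPLE_BASELINE = {"10.1.1.5": [4, 5, 6, 5, 4], "10.1.1.9": [4, 6, 5, 5, 5]}

if __name__ == "__main__":
    for host, reason in analyze(SAMPLE_FLOWS, SAMPLE_BASELINE):
        print(host, reason)
```

Hosts without a baseline are skipped rather than flagged, so a newly seen machine produces no volume alert until history exists for it.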
"We have so many sources for network traffic and we needed better insight into the network," says Morris Reynolds, director of information security and access management at Wayne State. "We had a funding opportunity that enabled us to purchase the technology that would help us see what vulnerabilities were coming across our network and how we were at risk."
The university implemented Q1 Labs' QRadar technology, which is packaged as an appliance, in July 2007 and, upon installation, detected between 10 and 15 bot-controlled computers on the network. The security policy at the university cuts those computers off from "the outside world" and gives systems administrators up to four days to remediate the problems. Finding these vulnerabilities helps the security team spot potential vulnerabilities and monitor traffic sources.
"Right off the bat, QRadar gave us a general idea of what was going on in our network. It broke down the traffic by applications, I think it can handle more than 1,000 types of network traffic, and we were able to see which of our networks were most vulnerable and which had the most problems," says Graydon Huffman, senior systems security specialist responsible for QRadar.
Reynolds adds that the information QRadar serves up from more than 50 devices (at a rate of 600 events per second) helps the security team protect the integrity of the entire network and back up its requests to other IT staff with data on the potential vulnerability. Wayne State University is currently planning a move to a distributed deployment model to monitor university-wide inter-hub traffic and has plans to expand the use of QRadar to its medical campus in 2009.
Denise Dubie is senior editor with Network World.
Comments (3)
Response to: NBA and the security fairy
By Anonymous on September 28, 2008, 6:56 am
Hello Schrathboy, The NBA stuff provides tremendous insight into the network using NetFlow and sFlow. Basically it can find threats realtime across hundreds of...
Perhaps you are being a
By Tom Turner on August 21, 2008, 8:28 am
Perhaps you are being a little misled by the title of the story. It is actually an important combination of network behavior analysis as well as log collection...
NBA and the security fairy
By Schratboy on August 20, 2008, 5:54 pm
Really, does anyone think that a technology box secures anything? And this NBA stuff? Patterns, thresholds and alarms are so 'fire fighting old hat!' Perhaps it's...