Network Behavioral Analysis

The Behavioral Correlation Module (BCM) hosts the patented behavioral analysis and correlation tools – a key technological advantage that only Global DataGuard provides. The behavioral analytics capability employs raw packet information through layer 5, detecting early threat activity and maintaining alert logs and behavioral profile information for at least six months – enabling constant monitoring of global attacks and vulnerabilities. In addition, the BCM:

  • Continuously analyzes and correlates raw packet data for an average of 14-30 days and behavioral profiles & signature alerts for up to two years (these periods could be extended);
  • Exceeds traditional frequency, threshold, and netflow-based detection;
  • Is the best method for detecting reconnaissance activity prior to an attack, especially low-level or slow activity;
  • Continuously adapts to each customer network;
  • Dramatically reduces false positives;
  • Identifies and tracks typical network traffic and packet behaviors over long periods of time and automatically sends out alerts for any anomaly;
  • Identifies reconnaissance activity, unknown attacks and zero-day attacks;
  • Guards against threats from within, providing alerts for resource violations, abuse of privileges and misuse of corporate assets;
  • Is more predictive and proactive because the potential for an intrusion is discovered earlier, and at a more detailed level, for earlier and more specific countermeasures;
  • Provides faster alert generation and system recovery because analysis is automated and done faster than a human can interact with systems data;
  • Reduces alert management overload while still processing all data from network and host sensors—not just what gets through the firewall.

The Global DataGuard BCM provides:

  • Deep-packet analysis of layers 1-5
  • Automatic alert analysis and correlation over 14-30 days' worth of captured raw packet data
  • Automatic alert escalation and prioritization
  • Automatic enterprise-wide correlation
  • Behavioral detection of anomalous communications
  • Detection of unauthorized access to network resources
  • Frequency-based detection
  • Threshold-based incidents
  • Global threat correlation

