ProSec GmbH

+49 261 45093090

Network Traffic Analysis

When you first hear about Network Traffic Analysis (NTA), you probably think of classic network monitoring, but Network Traffic Analysis goes much further than that.

While classic IDS / IPS solutions in network monitoring focus on traffic that crosses the network boundary, network traffic analysis means precise, real-time monitoring of all traffic inside your own network, with a special focus on threat hunting. It still works when the monitored traffic is encrypted and you cannot inspect its content, because it works on who talks to whom, when, how often and how much rather than on the payload.

Both attackers and malware have to communicate via the network. That in turn means that even if you cannot detect the attacker or the malware on the host itself, you can still see their traffic.

Network Traffic Analysis: the network does not lie

Network analysis is essentially about intercepting and examining data packets in order to draw conclusions about the information they carry from recurring communication patterns, even when the payload itself cannot be read.

The general rule is: the more data packets that have been intercepted or monitored, the more reliable the conclusions that can be drawn about the content of a message flow.

Network Traffic Analysis in itself is not a new concept. At the latest with the advent of radio, the military practised it: by analyzing radio links based on patterns such as how often transmissions occur, who radios with whom, who initiates a link and how long links last, analysts drew conclusions about chains of command, troop movements, intentions, preparations, plans and identities without needing to read a single message.

Network traffic analysis is also closely related to cryptanalysis, and modern applications of network traffic analysis make use of social network analysis (SNA) as well.

Network Traffic Analysis: Welcome to the Jungle

Well-functioning network monitoring has always been a demanding task. With the arrival of smartphones, tablets, IoT, cloud computing and XaaS, and with the progressive networking of every available device, toasters and coffee machines included, maintaining effective network monitoring without blind spots has become the proverbial case of not seeing the forest for the trees.

Attackers constantly develop new procedures, adapt old ones, and abuse services and programs that are legitimately in use within the company in order to move through the network as undetected as possible. Against this, classic monitoring approaches such as IDS / IPS and common endpoint protection solutions reach their limits when it comes to proactively detecting abnormal traffic or behavior that might be a problem.

Here is a short example:
For an IDS or IPS it is easy to write a rule that says "if a connection to the Tor network is attempted, do X", because that is a static signature.
It is a different matter to implement a rule such as "alert if the file server sends more than twice as much data in period X as its two-week average" in a meaningful way, because that requires a learned baseline of what is normal for that particular server rather than a fixed pattern.

Network Traffic Analysis as the eyes of the network

Tools and systems that implement network traffic analysis technically today, known as Network Detection and Response (NDR), try to close this gap between time and knowledge.

By identifying the participants in network communication (hosts, users and services), the relationships between them and each participant's typical behavior, NDR aims to automate the detection of malicious intent as far as possible.

This, in turn, should enable IT security personnel to implement threat detection rules tailored to the respective company, simplify threat hunting for them and feed incident response workflows.
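The file-server rule from the example above and the participant/relationship model described in this section, as an added example that is not ProSec's code and not part of the original page: a small Python detector over NetFlow-style flow records. It keeps a per-day outbound byte count for a hypothetical file server (10.0.0.5) and alerts when a day exceeds twice the trailing two-week average, and it keeps a who-talks-to-whom map and alerts when a host sends data to a peer it has never contacted before. All addresses, the date range and the byte counts are constructed sample data.

```python
"""Baseline and relationship checks over flow records (added example).

Constructed sample data: a hypothetical file server 10.0.0.5 serving two
workstations for 14 days, then one day with an unusual transfer to a host it
has never talked to.  Flow lines look like NetFlow summaries:
    "YYYY-MM-DD <src> <dst> <bytes>"
None of the addresses or volumes come from the original page.
"""
from collections import defaultdict
from datetime import date, timedelta

FILE_SERVER = "10.0.0.5"  # hypothetical address


def build_sample_flows():
    """Return constructed flow lines: 14 normal days plus one suspicious day."""
    lines = []
    start = date(2021, 8, 1)
    for i in range(14):
        d = start + timedelta(days=i)
        lines.append(f"{d} {FILE_SERVER} 10.0.1.10 {60_000_000}")  # ~60 MB
        lines.append(f"{d} {FILE_SERVER} 10.0.1.11 {40_000_000}")  # ~40 MB
        lines.append(f"{d} 10.0.1.10 {FILE_SERVER} {2_000_000}")   # uploads
    today = start + timedelta(days=14)  # 2021-08-15
    lines.append(f"{today} {FILE_SERVER} 10.0.1.10 {60_000_000}")
    lines.append(f"{today} {FILE_SERVER} 10.0.1.11 {40_000_000}")
    # 150 MB to a never-seen peer: the day totals 2.5x the usual volume.
    lines.append(f"{today} {FILE_SERVER} 10.0.9.77 {150_000_000}")
    return lines


def parse_flows(lines):
    """Parse flow lines into (day, src, dst, bytes) tuples."""
    flows = []
    for line in lines:
        day, src, dst, nbytes = line.split()
        flows.append((date.fromisoformat(day), src, dst, int(nbytes)))
    return flows


def daily_outbound(flows, host):
    """Bytes sent by `host`, summed per day."""
    per_day = defaultdict(int)
    for day, src, _dst, nbytes in flows:
        if src == host:
            per_day[day] += nbytes
    return per_day


def volume_alerts(flows, host, baseline_days=14, factor=2.0):
    """Alert on any day where `host` sends more than `factor` times its
    trailing `baseline_days`-day average.  Days without a full baseline are
    skipped rather than compared against a short, noisy history."""
    per_day = daily_outbound(flows, host)
    days = sorted(per_day)
    alerts = []
    for i, day in enumerate(days):
        window = days[max(0, i - baseline_days):i]
        if len(window) < baseline_days:
            continue
        avg = sum(per_day[d] for d in window) / len(window)
        if per_day[day] > factor * avg:
            alerts.append((day.isoformat(), per_day[day], avg))
    return alerts


def known_peers(flows, before):
    """Map src -> set of dst addresses observed strictly before `before`."""
    peers = defaultdict(set)
    for day, src, dst, _nbytes in flows:
        if day < before:
            peers[src].add(dst)
    return peers


def new_peer_alerts(flows, on_day):
    """Flag flows on `on_day` whose (src, dst) pair was never seen earlier."""
    peers = known_peers(flows, on_day)
    alerts, seen = [], set()
    for day, src, dst, nbytes in flows:
        if day != on_day or (src, dst) in seen:
            continue
        seen.add((src, dst))
        if dst not in peers.get(src, set()):
            alerts.append((src, dst, nbytes))
    return alerts


def run_demo():
    """Run both checks over the constructed data and return their alerts."""
    flows = parse_flows(build_sample_flows())
    last_day = max(day for day, *_ in flows)
    return {
        "volume": volume_alerts(flows, FILE_SERVER),
        "new_peer": new_peer_alerts(flows, last_day),
    }


if __name__ == "__main__":
    for kind, hits in run_demo().items():
        for hit in hits:
            print(kind, hit)
```

Both checks use flow metadata only (source, destination, bytes, date), so they apply unchanged to encrypted traffic. The point of the example is that the baseline and the peer set have to be learned from history before a single alert can fire, which is exactly what a static IDS signature cannot express. In a real deployment the history would come from a flow collector rather than an in-memory list, and the threshold would have to be tuned against legitimate periodic spikes such as backups.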

SIEM vs NDR: a new player joins the SOC

Operating a Security Operations Center (SOC) today practically means running a Security Information and Event Management (SIEM) product. It is the backbone of the SOC, and emerging NDR products will not change that. Rather, they will become the second essential pillar of the SOC in the coming years.

A SIEM relies primarily on the logs that the monitored devices have been configured to send; where logging is missing, misconfigured or switched off by an attacker, the SIEM is blind. NDR products, which apply network traffic analysis with heavy use of machine learning, are independent of host logging. If the SIEM is the skeleton of a SOC, then NDR, through Network Traffic Analysis, becomes its muscles.

Last updated on August 16, 2021

OUR LOCATIONS

  • Headquarters:
  • ProSec GmbH
  • Robert-Koch-Straße 1-9,
    D-56751 Polch, Germany

  • Berlin office:
  • ProSec GmbH
  • Friedrichstr. 123,
    D-10117 Berlin, Germany

  • Munich office:
  • ProSec GmbH
  • Franz-Joseph-Str. 11,
    D-80801 München, Germany

All rights reserved. © 2022 ProSec GmbH | Imprint | Privacy policy | Sitemap