


Network traffic analysis for security: A "market" on the cusp of the chasm?


JOHANNESBURG – December 06, 2016 – There is much talk at present about the value that comes from network traffic. Traffic can bring end-to-end visibility of all users, applications and services, their activities and locations from a single perspective, allowing security teams to understand trouble spots and threats, and make smart and accurate decisions quickly before the wider infrastructure is impacted.

“In the new threat era of more planned, targeted campaigns against organisations, network traffic provides the greatest panorama of new ‘clues’ or tip-offs about abnormal behaviour – users, hosts, services and applications communicating inside or outside the network in a concerning way – and also the evidence to show the what, when, who and how a ‘crime’ occurred,” says Arabella Hallawell, vice president of corporate strategy at Arbor Networks, the security division of NETSCOUT.

Yet, she asks, why has network traffic analysis – or its older second cousins, network forensics and network behaviour anomaly detection – not emerged beyond early adopter or expert market segment status?

“The signs are emerging that more organisations are considering or evaluating network traffic analysis,” Hallawell continues. “Industry analyst firms ESG and IDG have published data and market reports on the importance of network traffic analysis for security. Both SANS, the research organisation, and IDC conducted surveys in 2016 of enterprise decision makers which place understanding and investment in staff and solutions that understand normal traffic patterns and operations to detect and investigate abnormal ones, as a top shortage and initiative. But there have been plenty of security market segments – probably better described as use cases – that never break out into the security mainstream and form about USD400M+ in market size, signalling wider adoption and existence ‘of being’.”

Indeed, she points out that Geoffrey Moore, the well-known business author of “Crossing the Chasm”, still defines a market best with his four criteria of:

  • a set of actual or potential customers;
  • for a given set of products or services;
  • who have a common set of needs or wants; and
  • who reference each other when making a buying decision.

“This definition helps one to see when a market segment or a use case is still emerging and not quite a ‘true’ market. Despite the excitement around the EDR (endpoint detection and response) space, there are multiple different use cases and distinct technology capabilities awkwardly grouped together, including from stopping the execution of malicious activity to alert triage and investigation/forensics. The sets of products are not standard and the needs and wants are not always common,” highlights Hallawell.

She adds that network traffic analysis for security can also serve multiple use cases, from detection of suspicious activity, to investigation of activity that might be an incident, to forensics post-breach. The capabilities needed from a provider might differ depending on the use case. Multiple use cases requiring different technologies and needs stymie true market creation.

“However, we might just be on the cusp of a chasm for network traffic analysis. Today’s new threat environment of attack campaigns does require different skills and solutions where use cases that once were separate, such as detection or forensics, now must come together in a new way. That’s because attack campaigns require different solutions than threats in the past – such as a nasty malware programme. Finding attack campaigns requires skill-sets, processes and solutions to see multiple subtle signs of malicious activity, and that can chain together timelines of activity in real time and retrospectively, as campaign artefacts typically hang out in networks for weeks or months.

“This is a new need for a broader set of organisations and one that several vendors are vying to solve. A combination of multiple vendors successfully innovating to help solve real problems, and fast buyer alignment around core capabilities required, can build a market quickly,” concludes Hallawell.

Arbor Networks Spectrum 2.2 is a high-performance network traffic analysis platform integrating NetFlow, packet and threat intelligence data for real-time and retrospective investigation of advanced threats. The platform is available throughout Africa – please contact Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks, at bhamman@arbor.net for more information.

About Arbor Networks
Arbor Networks, the security division of NETSCOUT, helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver complete network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,” making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context so customers can solve problems faster and reduce the risks to their business.
To learn more about Arbor products and services, please follow us on Twitter @ArborNetworks. Arbor’s research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal.
Trademark Notice: Arbor Networks, the Arbor Networks logo and ATLAS are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners.

Networks Unlimited, Chriselna Welsh, +27 (0) 11 202 8400, chriselna.welsh@nu.co.za
icomm, Debbie Sielemann, +27 (0) 82 414 4633, debbie@pr.co.za, www.icomm-

