This is a funny article ... Cisco and Foundry have no NBA product. Granite Edge has been out of business for about 2 years and Sourcefire is trying to get into the NBA space but Gartner does not recognize it as such. Nitro is an IPS vendor with some minimal NBA and Q1 Labs is a SIM/SEM ....
Funny report but the only true NBA players are Arbor, Mazu and Lancope. Good luck - Mike
Last line or First line?
First some disclosure – I am the Chief Technology Strategist for NBA vendor Mazu Networks.
NBA may be thought of as a last line of defense, but it is in many cases the first and only line of defense against today’s more insidious hacks.
Zero-day threats, as the author points out, are of course an easy target for NBA to detect. But let’s also take a time out and clarify zero day, i.e. the weeks or months of underground use before surfacing mainstream and becoming adopted by the likes of signature-based products. True zero day!
Let’s not forget day 366 or 731, or whatever the vendors’ magic numbers are. These are the dates when really old threats get removed from signature-based vendor databases. I understand their removal for efficiency’s sake / the speed of those products, but it has led to a marked increase in the re-appearance of malware previously thought extinct.
But let’s juice things up! Worm writing/release for the sake of becoming famous is largely a thing of the past. There is now real money to be made in the organized IT underworld, and that means detecting threats that will never make it mainstream for signature-based products.
Credentialed insiders and targeted corporate thieves, for whom a small bribe or a feat of social engineering can quickly get them past the front door, are all it takes to ‘evade detection’ by legacy controls like firewalls and IPS. NBA may be the last line of defense here, but I think of it as only the first line of next-generation controls.
One other noteworthy comment about NBA is that its leverage of flow data allows it to see out into reaches of the network that would otherwise be too expensive or inconvenient to instrument with conventional controls. This leverage of the existing infrastructure as a means of instrumentation for NBA provides coverage nearly as complete as end-node agents, and far greater than that afforded by link-based devices.
-CK
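Added illustration, not part of CK's comment or of any vendor's product: a toy baseline-and-deviation detector over NetFlow-style records, showing how the flow-based behaviour analysis described above flags a host with no signature at all, and what happens for a host with no learned history. The host addresses, flow records, k = 3 multiplier and 25% variance floor are all constructed assumptions.

```python
"""Toy NBA (network behaviour analysis) over NetFlow-style records: learn each host's
normal peer fan-out and outbound volume from past windows, then flag live deviations."""
from collections import defaultdict
from statistics import mean, pstdev
# Constructed flow records (src_ip, dst_ip, dst_port, bytes_out); RFC 5737 ranges play external hosts.
BASELINE_WINDOWS = [
    [("10.0.0.5", "10.0.0.1", 53, 200), ("10.0.0.5", "198.51.100.10", 443, 40000),
     ("10.0.0.7", "10.0.0.1", 53, 300), ("10.0.0.7", "198.51.100.10", 443, 19700)],
    [("10.0.0.5", "10.0.0.1", 53, 300), ("10.0.0.5", "198.51.100.10", 443, 52000),
     ("10.0.0.7", "10.0.0.1", 53, 250), ("10.0.0.7", "198.51.100.10", 443, 20750)],
]
# Live window: 10.0.0.5 sweeps the subnet on 445 and pushes ~900 kB to a never-seen
# external host; 10.0.0.7 behaves as usual; 10.0.0.9 has no learned history.
LIVE_WINDOW = [("10.0.0.5", "10.0.0.1", 53, 200), ("10.0.0.5", "203.0.113.7", 443, 900000),
               ("10.0.0.7", "10.0.0.1", 53, 300), ("10.0.0.7", "198.51.100.10", 443, 21700),
               ("10.0.0.9", "10.0.0.1", 53, 100)]
LIVE_WINDOW += [("10.0.0.5", f"10.0.0.{n}", 445, 120) for n in range(30, 40)]

def summarise(flows):
    """Per source host: (distinct (dst, port) peers, total outbound bytes)."""
    peers, total = defaultdict(set), defaultdict(int)
    for src, dst, port, nbytes in flows:
        peers[src].add((dst, port))
        total[src] += nbytes
    return {h: (len(peers[h]), total[h]) for h in peers}

def build_baseline(windows, k=3.0, floor=0.25):
    """Per host: (peer_thr, byte_thr), each = mean + k * max(stdev, floor * mean)."""
    hist = defaultdict(lambda: ([], []))
    for w in windows:
        for host, (n_peers, n_bytes) in summarise(w).items():
            hist[host][0].append(n_peers)
            hist[host][1].append(n_bytes)
    # The floor keeps a host with a near-constant history from alerting on noise.
    thr = lambda xs: mean(xs) + k * max(pstdev(xs), floor * mean(xs))
    return {h: (thr(p), thr(b)) for h, (p, b) in hist.items()}

def detect(baseline, live_flows):
    """Return {host: [reasons]} for live hosts that deviate from their baseline."""
    alerts = {}
    for host, (n_peers, n_bytes) in summarise(live_flows).items():
        if host not in baseline:
            alerts[host] = ["no baseline: host not seen during learning"]
            continue
        peer_thr, byte_thr = baseline[host]
        reasons = ([f"peer fan-out {n_peers} > {peer_thr:.1f}"] if n_peers > peer_thr else []) \
                + ([f"outbound bytes {n_bytes} > {byte_thr:.0f}"] if n_bytes > byte_thr else [])
        if reasons:
            alerts[host] = reasons
    return alerts
```

Run `detect(build_baseline(BASELINE_WINDOWS), LIVE_WINDOW)` to see 10.0.0.5 flagged on both fan-out and volume while 10.0.0.7 stays quiet; in practice the learning windows, k and floor need tuning per environment, and hosts without history are the ones worth a second look.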
Cisco's NBA Solution
Hello,
Did you read this article regarding Cisco's NBA abilities?
http://www.networkworld.com/community/node/22284
Enterasys and HP are also putting NBA abilities on their switches.
NBA is a big part of seasoned NetFlow Analysis solutions:
http://www.plixer.com/products/scrutinizer_alarm.php
Sincerely,
Mike at plixer.com