When it comes to network security, what you don’t know can definitely hurt you.

For Dan Lukas, lead security architect at Aurora Health Care in Milwaukee, his fear of the unknown keeps him motivated to protecting the healthcare organization’s resources, which supports about 30,000 users, 13 hospitals, 175 pharmacies and 125 clinics throughout Wisconsin.

“People may think they know what’s going on inside their network, but often they don’t,” Lukas says.

Recently, Lukas says his hub-and-spoke network fell victim to a spybot virus exploiting a Microsoft Server Service vulnerability, which “could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system,” according to a Microsoft Security Bulletin. A mobile user connected his infected laptop to the network, which kicked off the virus. Yet Lukas says the damage was minimal, because he had technology in place to detect the traffic changes.

About a year ago, Lukas deployed StealthWatch appliances from network behavior-analysis vendor Lancope, to get a better read on traffic out to the edge of Aurora’s distributed network in a way he felt an intrusion-prevention system could not. The technology helps him see in real time what is traversing his net and spot unknown traffic and new traffic patterns that could represent a threat.

“StealthWatch helps us see the state of the union, so to speak, right now — and not just the bad stuff. It also works to set application baselines and performance analysis,” Lukas says. “We have things that jump on our network that we don’t always have all the information on in terms of how they work, so we needed a way to spot them without necessarily knowing about them in advance.”

Another layer of security

Network behavior-analysis systems promise to add another layer of security to corporate networks by watching traffic for changes in typical actions. The systems typically perform a benchmark of traffic behavior and monitor for changes. Then if, for example, a relatively unused server begins to propagate many requests, the anomaly-detection system might suspect the host could be falling victim to a worm. Or if enterprise application traffic deemed content-sensitive starts to use Port 80 — the port left open on firewalls for Internet traffic — the products could send an alert about a possible breach of compliance policies.

Whitepapers

• Selecting Effective Virtual Directories
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users
• IT Departments on Data Security: A Research Concepts Survey
• Laptop Security Tool Helps Allina Hospitals Track 97% of IT Assets

View more SOFTWARE whitepapers

Webcasts

• Managing the End User Experience-A Real World Example of Success
• Lowering the Cost of Email Archives
• Google Webcast: Why archive email? Top challenges and best practices
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SOFTWARE webcasts

Special Reports

• Application Performance Management Executive Guide
• Executive Guide: Building a Service Oriented Architecture
• IT Buyers Guide To: Collaboration

View more SOFTWARE special reports