Network Traffic Analysis

What is Network Traffic Analysis?

If you hear about Network Traffic Analysis (NTA) for the first time, you probably think of classic network monitoring, but Network Traffic Analysis goes much further than that.

While classic IDS/IPS solutions in network monitoring focus on traffic crossing the network perimeter, Network Traffic Analysis means precise, real-time monitoring of all traffic inside your own network with a particular focus on threat hunting, and it must work even when the monitored traffic is encrypted and you cannot inspect its content. Attackers and malware have to communicate over the network, which conversely means that even if you cannot detect the attackers and malware themselves, you can detect their traffic.

Network Traffic Analysis: The network doesn't lie


Network analysis is essentially about intercepting and examining data packets in order to draw conclusions about the information they contain from the recurring patterns of communication.

The general rule is: the more data packets have been intercepted or monitored, the more reliable the conclusions that can be drawn about the content of a message flow.

Network Traffic Analysis is not in itself a new concept. Since the advent of radio, militaries have analyzed radio connections based on patterns such as how often a station transmits, who transmits with whom, who initiated a connection and how long the communication lasted, in order to draw conclusions about chains of command, troop movements, intentions, preparations, planning and identities.

Network Traffic Analysis is also closely related to cryptanalysis, and modern applications of Network Traffic Analysis also draw on Social Network Analysis (SNA).

Network Traffic Analysis: Welcome to the Jungle

Well-functioning network monitoring has always been a challenging task. With the advent of smartphones, tablets, IoT and cloud computing, and with attackers who continually develop new approaches, adapt old ones, and rely on commonly used services and programs within the company in order to move through the network as undetected as possible, classic monitoring approaches such as IDS/IPS and common endpoint protection solutions reach their limits when it comes to proactively detecting potentially problematic abnormal traffic or behavior.

A short example:
For an IDS or IPS, it is easy to write a rule of the form: “If a connection to the Tor network is attempted, do X.”
Things look different if you want to sensibly implement a rule like: “Alert when twice as much data flows out of the file server in period X as in the two-week average.”


Network Traffic Analysis as the eyes of the network

Tools and systems that attempt to implement Network Traffic Analysis technically today (Network Detection and Response, NDR for short) aim to close this gap between time and knowledge.

By identifying the participants within the network communication, how they relate to each other, and ascribing their typical behavior to them, the detection of malicious intent should be automated as far as possible.

This in turn should enable IT security staff to implement tailor-made threat detection rules for each company, in order to simplify threat hunting and also to feed incident response workflows.
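The baseline rule from the short example above (“twice as much data as the two-week average”) and the per-participant behavior profiling described in this section are the same idea: learn what each host normally does, then compare new traffic against it. The following is an added example, not code from the original post or from any NDR product. It builds a per-host daily outbound-byte baseline from two weeks of constructed flow summaries and flags any day on which a host sends more than twice its baseline; the host names, byte counts and dates are constructed sample data, and the flow-tuple format is an assumption (a real deployment would aggregate NetFlow/IPFIX or capture data).

```python
"""Baseline-driven volume anomaly rule (added example, not the
article's or any product's code). Flow summaries are constructed
sample data in the assumed form (day, src_host, bytes_out)."""
from collections import defaultdict
from datetime import date, timedelta


def build_sample_flows():
    """Constructed sample data: 14 normal days for two hosts, then a
    15th day on which the file server sends 2.5x its usual volume."""
    start = date(2024, 3, 1)
    flows = []
    for d in range(14):
        day = start + timedelta(days=d)
        flows.append((day, "fileserver", 10_000_000))     # ~10 MB/day
        flows.append((day, "workstation-7", 500_000))     # ~0.5 MB/day
    day15 = start + timedelta(days=14)
    flows.append((day15, "fileserver", 25_000_000))       # spike
    flows.append((day15, "workstation-7", 600_000))       # within normal range
    return flows


def daily_totals(flows):
    """Aggregate bytes per host per day: {host: {day: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def baseline(host_days, window_end, window_days=14):
    """Mean daily bytes over the window_days days before window_end
    (exclusive). Returns None if the host lacks a full window of
    history, so new hosts do not produce alerts from a near-empty
    baseline."""
    start = window_end - timedelta(days=window_days)
    values = [b for d, b in host_days.items() if start <= d < window_end]
    if len(values) < window_days:
        return None
    return sum(values) / len(values)


def detect_volume_anomalies(flows, factor=2.0, window_days=14):
    """Flag every host/day whose outbound volume exceeds factor times
    that host's own trailing baseline. Each host is compared against
    its own typical behavior, not a global threshold."""
    totals = daily_totals(flows)
    alerts = []
    for host, days in totals.items():
        for day in sorted(days):
            base = baseline(days, day, window_days)
            if base is None:
                continue
            if days[day] > factor * base:
                alerts.append({
                    "host": host,
                    "day": day.isoformat(),
                    "bytes": days[day],
                    "baseline": base,
                    "ratio": round(days[day] / base, 2),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_volume_anomalies(build_sample_flows()):
        print(alert)
```

Only the file server's 15th day is flagged: its 25 MB is 2.5 times its own 10 MB baseline, while the workstation's 600 kB stays well inside twice its 500 kB baseline. A plain signature rule cannot express this, because the threshold is not a constant but a property learned per participant from its past traffic; a deployment would additionally want to tune the window, the factor and how the baseline reacts to weekends or backup windows.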


SIEM vs NDR: a new player joins the SOC

A Security Operations Center (SOC) is now synonymous with using a Security Information and Event Management (SIEM) product. It is the backbone of the SOC, and emerging NDR products will not change that. In the coming years, they will become the second essential pillar of the SOC.

SIEM is primarily based on the logs that the monitored devices have been configured to collect. NDRs, which perform network traffic analysis with heavy use of machine learning, are independent of this. If SIEM is the skeleton of a SOC, NDRs become its muscles through Network Traffic Analysis.
