News

As a recent test in Vietnam shows, the current face recognition algorithm used in laptops, faces are all about as flat as a piece of paper and can easily be adjusted or manipulated to reflect a legit user ID. 

Amazingly enough, even pictures that were taken by the laptops' built-in webcam were just as flat. 

Arbor Networks once again has completed a survey of the largest ISPs and content providers around the world. Some 70 lead security engineers responded to 90 questions covering a spectrum of Internet backbone security threats and engineering challenges. This fourth annual survey covered the 12-month period from August 2007 through July 2008.

A copy of the full report is available at www.arbornetworks.com/report

Read about the most significant findings.

To really gain insight into how secure their data networks are, organizations need to know what’s actually happening on the networks. Network behavior analysis (NBA) systems are designed to help organizations gain greater visibility into network activity so they can more easily detect anomalies that might indicate malicious or suspicious actions.

NBA systems work by analyzing network traffic patterns through data gathered from network devices such as IP traffic flow systems or via packet analysis. They alert managers whenever there’s any type of suspicious activity, and enable managers to analyze and respond to such activity before any major harm is done to data or systems.

There has been s teady growth of interest in NBA technology, but it remains a small market, says Lawrence Orans, research director at Gartner. “We don’t anticipate a ‘hockey stick’ curve in NBA interest any time soon,” Orans says. “Overall, the demand is driven by a need for more visibility in the network.”

According to Gartner, NBA can be used to detect network behavior that might not be detected by other security technologies such as firewalls, intrusion prevention software, and security information and event management (SIEM) systems. Gartner says those technologies might not identify certain threats unless they are specifically configured to look for them.

Gartner research recommends that organizations should implement firewalls and intrusion detection/intrusion prevention (IDS/IPS) systems before investing in NBA systems.

The potential benefits of NBA come in two primary areas: security and network operations, Orans says. The security benefits include monitoring networks for malware. NBA detects unauthorized reconnaissance scanning by attackers looking for prospective targets. The systems can also detect infected devices that are spreading worm traffic through a network, unauthorized applications and rogue Web servers. They can monitor guest access to the network and generate audit-trail reports.

Operations benefits include improved network troubleshooting, Orans says. NBA can help administrators reduce the time they need to resolve network problems. The products also help identify real threats versus network performance issues, and can detect bandwidth-consuming downloads that can affect performance.

One of the biggest challenges of using NBA systems is the possibility of getting false positives, which can result in administrators spending lots of time chasing down alerts that turn out to be nothing problematic. One way to help minimize the false positives is to effectively configure and fine-tune the systems before putting them into production on the network.

Orans says there is a common misconception that NBA systems can enable automated response capabilities to contain attacks and protect against threats. In reality, he says, most administrators are reluctant to enable automated responses because of the high potential for false positives.

Aberdeen's recent research in Vulnerability Management sheds new light on how organizations are keeping pace with the never-ending flow of threats and vulnerabilities to their networks, computers, and application software.