Rollout: Profiler Spots Bad Guys - InformationWeek


Randy George

Rollout: Profiler Spots Bad Guys

Mazu's NBA appliance will help IT make more intelligent decisions and better react to security threats on the LAN and WAN.

Next, we turned our attention to Profiler's heuristic scanning capabilities. Once a database of normal network activity is in place, you can ask Profiler to make alerting decisions when abnormal network events are detected. The subject of our test attack was a SQL Server instance at the back end of a critical application in our test environment. The attacker was a Windows XP laptop that we placed on a valid internal subnet. The catch is that Profiler had never seen traffic between a host on this subnet and the SQL Server, so this communication was clearly an out-of-the-ordinary event that a security admin would want to know about. Profiler at first failed to alert us automatically; however, once we turned up the sensitivity of the scoring system, we were able to get an alert generated. Profiler can also predict how many more alerts would be generated by a given change to the scoring sensitivity, enabling IT to find a good balance between safety and an overwhelming number of alerts.
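As an added illustration, not Mazu's code or its actual scoring method, the following Python sketch shows the idea behind the test above: a baseline built from observed flows, a score for how far a new flow departs from it (a host pair the baseline has never seen, a subnet that has never talked to the destination, an unseen service), and a preview of how many alerts each threshold setting would produce on the same traffic. The flow records, the /24 subnet assumption and the score weights are all constructed for the example.

```python
from collections import Counter

def subnet(ip):
    """Treat the first three octets as the host's subnet (a /24 assumption)."""
    return ".".join(ip.split(".")[:3])

def build_baseline(flows):
    """Record the (src, dst, port) triples, (src subnet, dst) pairs and (dst, port) services seen."""
    return {
        "triples": Counter(flows),
        "subnets": Counter((subnet(s), d) for s, d, _ in flows),
        "services": Counter((d, p) for _, d, p in flows),
    }

def score_flow(baseline, flow):
    """Higher score = further from the baseline. A flow seen during learning scores 0."""
    s, d, p = flow
    score = 0
    if flow not in baseline["triples"]:
        score += 1                       # this exact host pair is new
    if (subnet(s), d) not in baseline["subnets"]:
        score += 2                       # nothing on the source subnet ever talked to dst
    if (d, p) not in baseline["services"]:
        score += 3                       # dst never served this port before
    return score

def alerts_at(baseline, flows, threshold):
    """Flows that alert at this threshold; turning sensitivity up means lowering it."""
    return [f for f in flows if score_flow(baseline, f) >= threshold]

def preview_alert_counts(baseline, flows, thresholds=range(1, 8)):
    """How many alerts each threshold setting would produce on the same traffic."""
    return {t: len(alerts_at(baseline, flows, t)) for t in thresholds}

# Constructed sample data (not from the article): a learning period in which
# only the application servers on 10.1.1.0/24 talk to the SQL Server 10.9.0.5.
BASELINE = build_baseline([
    ("10.1.1.10", "10.9.0.5", 1433),
    ("10.1.1.11", "10.9.0.5", 1433),
    ("10.2.0.20", "10.9.0.7", 445),
])
# Traffic after the learning period, including a laptop on 10.3.0.0/24 (a valid
# internal subnet that has never touched the SQL Server) reaching port 1433.
NEW_FLOWS = [
    ("10.1.1.12", "10.9.0.5", 1433),   # new app server, same subnet: score 1
    ("10.3.0.50", "10.9.0.5", 1433),   # laptop -> SQL Server: score 3
    ("10.3.0.50", "10.9.0.5", 3389),   # laptop -> unseen service on SQL host: score 6
]
```

With a default threshold of 4 only the port 3389 flow alerts; lowering the threshold to 3 (turning sensitivity up) also surfaces the laptop-to-SQL Server connection, and `preview_alert_counts` shows the cost of each step before it is applied.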

Last on our security checklist was remediation. Profiler integrates with third-party vulnerability scanners and intrusion-detection systems, so additional reporting, alerting, or actions can be executed based on any conceivable network condition. We decided to have some fun with this by disciplining employees using prohibited P2P apps. We configured Profiler to launch a DoS-like counterattack on unauthorized P2P users by executing an aggressive Nessus scan of their systems to detect vulnerabilities. You can also give the Profiler SNMP read/write access to switches to automatically shut down the switch ports of users not adhering to policy. If outright counterattack is too aggressive for your environment, you could rely on Profiler's integration with Active Directory and DNS to provide the host name and currently logged-in user ID in your Profiler reports, then follow up.

Finally, while we were impressed overall with Profiler's core data and alerting, there were limitations in the reporting structure. We would have loved to see a Profiler report that displays round-trip network latency between hosts, for example, and there's no reporting on quality-of-service tags, so VoIP shops can't count on Profiler to verify end-to-end QoS over WAN links. Mazu says both functions will be added soon.

As you may have surmised, this puppy is expensive. Mazu would not reveal list pricing for the gear under review; however, our research suggests the product set we have in our lab, which includes dual copper gigabit collector ports and the 45-Mbps remote office sensor, would list for between $60,000 and $80,000. Still, despite the hefty price tag, we believe large enterprise networks will get their money's worth from network behavioral analysis. In fact, we're so intrigued by this space that we have a Rolling Review in the works. Stay tuned.
