According to PGP Corporation and the Ponemon Institute, the average cost per security breach increased by $100K from 2008 to 2009; however, the number of reported breaches dropped by 159. The drop in reported breaches is likely a result of training and awareness programs. Also, the use of encryption is up 44 percent over 2008.
Preventing data loss is a top priority for many organizations. Identifying odd traffic patterns and suspicious data transfers has become a concern for many data security professionals. Flow Analytics, an add-on to our NetFlow collector, allows administrators to detect odd traffic patterns, such as servers communicating with unauthorized hosts on the Internet.
A well-constructed saved filter can do the following:
- Detect odd traffic patterns from any point on the network using NetFlow.
- Detect who (i.e. user ID) initiated the data transfer and alarm accordingly.
- Post an alarm that provides details on:
  - The IP hosts involved, including user name.
  - The amount of data transferred (e.g. odd uploads).
  - The services used.
  - How long the communications lasted, including frequency over time.
- Be applied to multiple routers in geographically dispersed locations.
- Operate without protocol restrictions.
Avoid False Positives
Allowed web sites that may cause false positives, such as youtube.com or twitter.com, can be excluded. Oftentimes, a bit of tuning is necessary.
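The kind of check such a filter performs, sketched in Python as an added example (not Scrutinizer or Flow Analytics code): outbound flows are grouped per host pair, allowed destinations are excluded, and an alarm carries the hosts, user, bytes, services, flow count and time span. The record layout, address ranges, threshold and the user name already joined to each flow are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flows, not real traffic. Assumed field layout:
# start, end (epoch seconds), user, src, dst, dst_port, protocol, bytes sent by src
FLOWS = [
    (1000, 1600, "jsmith", "10.1.1.20", "203.0.113.50", 443, "tcp", 400_000_000),
    (4600, 5200, "jsmith", "10.1.1.20", "203.0.113.50", 443, "tcp", 350_000_000),
    (1000, 1900, "akhan", "10.1.1.31", "198.51.100.7", 443, "tcp", 900_000_000),
    (2000, 2010, "akhan", "10.1.1.31", "203.0.113.9", 53, "udp", 4_000),
    (3000, 3300, "svc-db", "10.1.2.5", "10.1.9.9", 1433, "tcp", 800_000_000),
]
INTERNAL = [ip_network("10.0.0.0/8")]       # assumed internal address space
ALLOWED = [ip_network("198.51.100.0/24")]   # stands in for excluded, allowed sites
UPLOAD_THRESHOLD = 500_000_000              # assumed alarm threshold in bytes


def in_any(ip, networks):
    addr = ip_address(ip)
    return any(addr in net for net in networks)


def find_odd_uploads(flows, threshold=UPLOAD_THRESHOLD):
    """Aggregate outbound flows per (src, dst); return alarms above threshold."""
    convs = defaultdict(lambda: {"bytes": 0, "flows": 0, "services": set(),
                                 "users": set(), "first": None, "last": None})
    for start, end, user, src, dst, port, proto, sent in flows:
        # Keep only internal -> external traffic to destinations not excluded.
        if not in_any(src, INTERNAL) or in_any(dst, INTERNAL) or in_any(dst, ALLOWED):
            continue
        c = convs[(src, dst)]
        c["bytes"] += sent
        c["flows"] += 1
        c["services"].add(f"{proto}/{port}")  # no protocol is filtered out
        c["users"].add(user)
        c["first"] = start if c["first"] is None else min(c["first"], start)
        c["last"] = end if c["last"] is None else max(c["last"], end)
    return [
        {"src": src, "dst": dst, "users": sorted(c["users"]), "bytes": c["bytes"],
         "services": sorted(c["services"]), "flows": c["flows"],
         "span_seconds": c["last"] - c["first"]}
        for (src, dst), c in sorted(convs.items()) if c["bytes"] > threshold
    ]


if __name__ == "__main__":
    for alarm in find_odd_uploads(FLOWS):
        print(alarm)
```

Lowering the threshold surfaces more conversations, which is where the exclusion list and tuning come in.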
Availability
This is not a new feature. Flow Analytics, an add-on to Scrutinizer NetFlow Analyzer, has been able to do this for some time. Contact us if you would like some help setting this up.