

Features and Benefits
CA Anomaly Detector goes beyond intrusion detection and other more static security tools to take a broader view of the network. The program can monitor the entire network from end to end. Instead of painstakingly applying a fixed set of rules to traffic, CA Anomaly Detector uses a set of dynamic algorithms to create and continually modify a unique profile of the monitored network. CA Anomaly Detector uses this profile in combination with efficient mathematical analysis to determine whether network traffic is anomalous.
In addition to detecting suspicious or damaged packets, CA Anomaly Detector identifies abnormally high flow and volume sources that can indicate issues. CA Anomaly Detector easily scales to create integrated monitoring and reporting across your enterprise. You receive alerts about potential problems, such as:
- Infected hosts
- Victims of infected hosts
- Unauthorized application servers
- Misconfigured servers
Operating in real time, the program identifies fan-out, SYN-only, and ICMP flood traffic that usually indicates a spreading virus, worm, or port-scanning activity. CA Anomaly Detector also alerts you to:
- Null routing and TTL-expired traffic, which helps you identify poorly configured ACLs or routing loops
- Large ICMP or DNS packets that may indicate tunneling activities
- Sources of fragmented packets that double-load network devices and that can ultimately result in retransmission of TCP traffic. These symptoms can signal a frag attack. Knowledge about such sources enables you to make configuration changes that can improve network or application performance.
CA Anomaly Detector reports only the essential data you need to secure your system and stop intrusions, other security issues, and performance problems. Report views are shown in the CA NetQoS Performance Center Console, where you can integrate them into an enterprise-wide perspective on network performance and health.
CA Anomaly Detector provides the following benefits:
- Trending, with per-host breakdown of anomaly sources for timely, precise troubleshooting
- Enterprise-wide correlation of anomalous behavior, broken out per host for full perspective of the behavior of key servers
- Identification of attacks before symptoms appear, for prevention of downtime, quick virus isolation, and problem resolution
- Accurate and complete data, collected by leveraging existing flow collection infrastructure for easy installation and configuration
- Lightweight reporting of essential data, giving you quick access to crucial information for identifying anomaly causes
- Integration with the following related products for enterprise-wide reporting on network health and application performance from a single console:
  - CA NetQoS Performance Center
  - CA Network Flow Analysis
  - CA Application Delivery Analysis (SuperAgent)
  - CA NetVoyant
  - CA NetQoS Unified Communications Monitor
Copyright © 2013 CA.
All rights reserved.
 