

Features and Benefits
CA Anomaly Detector goes beyond intrusion detection and other more static security tools to take a broader view of the network. The program can monitor your entire network from end to end. Instead of painstakingly applying a fixed set of rules to traffic, CA Anomaly Detector uses a set of dynamic algorithms to create and continually modify a unique profile of the network. The program uses this profile in combination with efficient mathematical analysis to determine whether network traffic is anomalous.
In addition to detecting suspicious or damaged packets, CA Anomaly Detector identifies abnormally high flow and volume sources that can indicate a variety of issues. The program easily scales to create integrated monitoring and reporting across your enterprise. You receive alerts about potential problems, such as:
- Infected hosts
- Victims of infected hosts
- Unauthorized application servers
- Misconfigured servers
Operating in real time, the program identifies fan-out, SYN-only, and ICMP flood traffic that usually indicates a spreading virus, worm, or port-scanning activity. The program also alerts you to:
- Null routing and TTL-expired traffic--helping you identify poorly configured ACLs or routing loops
- Large ICMP or DNS packets that may indicate tunneling activities
- Sources of fragmented packets that double-load network devices and that can ultimately result in retransmission of TCP traffic. These symptoms can signal a frag attack. Knowledge about such sources enables you to make configuration changes that can improve network or application performance.
The program reports only the essential data you need to secure your system and stop intrusions, other security issues, and performance problems. Report views are shown in the Performance Center Console, where they contribute to an enterprise-wide perspective on network performance and health.
CA Anomaly Detector provides the following benefits:
- Trending, with per-host breakdown of anomaly sources for timely, precise troubleshooting
- Enterprise-wide correlation of anomalous behavior, broken out per host so you get a full perspective of how key servers behave
- Identification of attacks before symptoms appear so you can prevent downtime, isolate viruses quickly, and resolve problems
- Accurate and complete data, collected by leveraging existing flow collection infrastructure for easy installation and configuration
- Lightweight reporting of essential data--giving you quick access to crucial information for identifying anomaly causes
- Integration with the following related products for enterprise-wide reporting on network health and application performance from a single console:
  - CA Performance Center or CA NetQoS Performance Center
  - CA Network Flow Analysis
  - CA Application Delivery Analysis (SuperAgent)
  - CA NetVoyant
  - CA Unified Communications Monitor
Copyright © 2015 CA Technologies.
All rights reserved.
 