Detecting Threats
What Is Threat Detection?
Outgoing threats that originate inside your network can be as dangerous as external attacks. Are you sure you are preventing them completely? Do they affect the security of your users and the stability of your network services?
You can detect network attacks that are generated by your own network objects, degrade the quality of network services and cause damage to the business.
Internal threats
We are used to talking about external hacker attacks, but although it’s less obvious, your network is also subject to internal threats. Serious danger is posed by attacks that occur on your network devices, such as outgoing spam, the spread of viruses and worms, port scans, and DDoS attacks generated by bot-infected users. All of them can disrupt your network and thereby cause harm to a company’s reputation as well as degrade the quality of services provided to customers.
The active development of the IoT concept has made it possible for hackers to detect vulnerable devices on your network, gain control over them and turn them into botnets capable of generating powerful outgoing attacks. The more devices involved, the stronger the attack, so at some point your network may be compromised and blocked by other external networks and services. This causes problems for both your network and all your customers.
Protection against incidents caused by outgoing attacks is achieved through accurate detection of traffic anomalies and of connections that indicate an object is infected. Using the Stingray platform to analyze outgoing threats ensures they are detected and removed in a timely manner.
Detection and removal of outgoing threats
Protection against outgoing threats can be implemented with the built-in Stingray SG network analytics tools, which do not require additional configuration or activation. They provide the following security features:
- Identification of infected hosts on the basis of abnormal network activity and malicious connection patterns
- Automatic detection of botnet activity or spammer devices
- Isolation of compromised devices in order to maintain network availability and to avoid being blacklisted
- Abnormal traffic redirection.
The Stingray SG notifies you in real time about detected anomalies and suspicious network activity (potential attacks), as well as the outcomes of protection actions. Flexible reports allow you to monitor trends, predict future attacks and prevent them in advance. The platform can be flexibly configured to work in networks of every level, both corporate and operator. Its scalability ensures the most efficient use of all the features in both the short term and the long term: it suits the growing needs of your business while ensuring the highest security level.