Field Effect network appliance sensors observe all network traffic in a way that a threat actor cannot alter, and provide a vantage point for implementing important security practices such as asset identification and ghost IT identification (example: legacy devices long forgotten in IT management practices, or new IoT devices not expected to have a network connection).
The Field Effect network appliance provides high-resolution network capture, analysis, and storage for IPv4 and IPv6 networks. The network monitoring component is typically packaged in a turnkey ‘fail open’ inline network monitoring appliance. This offers the ability to identify threats and vulnerabilities affecting all devices within a network (other modes of deployment, including the use of network taps, are available).
Key capabilities include:
- Baseline threat detection capabilities using threat-intelligence-backed Indicators of Compromise (IOC) blacklists, as well as advanced content inspection and threat detection. Threat intelligence is based on commercial feeds, publicly available data, and Field Effect proprietary intelligence.
- Advanced anomaly detection capabilities, including node behavior deviation detection.
- Machine learning analytics, such as the ability to identify fixed-interval communication (beacons) across all network communications (a potential indicator of malware).
- The ability to capture and rewind network traffic and events when a suspicious or confirmed incident occurs, to better understand what happened.
- Protocol discovery and inspection, including the ability to identify weak, misconfigured or out-of-date protocols and communications that could make a network vulnerable.
- Support for regulatory and industry standards (example: PCI) compliance efforts by identifying state, configuration and architecture issues.
- Full capture (bit-level) analysis by default, as well as support for network summarization technologies (examples: IPFix, NetFlow, sFlow, pFlow) as required.