Network Security - Network Behavior Anomaly Detection (NBAD)

NBAD models how the network normally behaves (which hosts talk to which, how much, when, and over which ports and protocols) and flags traffic that departs from that model.

Key principle

Instead of searching for known attack signatures, NBAD:

  • Learns normal traffic patterns

  • Detects deviations from normal behavior

What it detects

  • Attacks with no existing signature, including zero-day exploits

  • Insider threats (a legitimate account or host behaving abnormally)

  • Malware traffic inside encrypted sessions, from flow metadata such as volume, timing and destinations rather than payload content

  • Data exfiltration (unusually large or unusually timed outbound transfers)

Advantages over signature-based systems

  • Can detect attacks for which no signature exists yet

  • Works on encrypted traffic, because it needs flow metadata, not payload

Caveats

  • Needs a clean baseline period: activity present while the baseline is learned (including an attacker already inside) becomes "normal", and slow exfiltration that stays within the baseline is not flagged

  • Produces more false positives than signatures, since any legitimate change (a new backup job, a software rollout) also deviates from the baseline and must be triaged

Example

If a workstation that normally sends about 5MB/day during working hours suddenly sends 5GB at midnight, NBAD flags it as suspicious: both the volume and the time of day deviate from that host's baseline.