Q: How do you monitor network traffic data at work and gather insights into malicious activities? Which tools do you prefer? What sets them apart from other tools?
Here are the answers from the SecPro community members on Insights from Mobile Network Traffic Data:
Choose the correct data source, pick the correct points on the network to monitor and check the flows and packet payloads for suspicious content.
-Avishek, Data Scientist
To analyse network traffic I rely on both network taps and SPAN ports to forward sniffed traffic to an NDR, and I ingest NetFlow records into a SIEM.
The first allows near real-time detection of suspicious activities and also supports network forensics, while the second can correlate NetFlow information with the security events and logs data lake, enabling deep insights into ongoing activities in the network.
-Luca, Security Solutions and Operations
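The correlation Luca describes, flow telemetry joined with security events from the same host, as an added example that is not part of the original answer and not the code of any NDR or SIEM product. It uses a constructed NetFlow-style CSV export and a constructed list of SIEM events; the addresses are documentation ranges, and the beaconing thresholds (`min_flows`, `max_jitter`) and the 10-minute correlation window are assumptions chosen for illustration, not tuned production values.

```python
"""Added example: flag beacon-like conversations in NetFlow records and pull
the SIEM events recorded on the source host shortly before they began."""
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed NetFlow-style export (timestamp, src, dst, dst port, bytes).
# 10.0.0.5 contacts 203.0.113.7:443 about every 60 s with a near-constant
# size; 10.0.0.9 shows ordinary browsing. Addresses are documentation ranges.
FLOWS_CSV = """ts,src,dst,dport,bytes
2024-05-01T10:00:00,10.0.0.5,203.0.113.7,443,512
2024-05-01T10:01:00,10.0.0.5,203.0.113.7,443,520
2024-05-01T10:02:01,10.0.0.5,203.0.113.7,443,515
2024-05-01T10:03:00,10.0.0.5,203.0.113.7,443,510
2024-05-01T10:04:00,10.0.0.5,203.0.113.7,443,518
2024-05-01T10:00:30,10.0.0.9,198.51.100.20,443,48000
2024-05-01T10:12:10,10.0.0.9,198.51.100.21,443,1200
2024-05-01T10:25:00,10.0.0.9,198.51.100.22,80,9000
"""

# Constructed SIEM events as (host, timestamp, event type).
SIEM_EVENTS = [
    ("10.0.0.5", "2024-05-01T09:58:40", "auth_failure"),
    ("10.0.0.5", "2024-05-01T09:59:10", "auth_failure"),
    ("10.0.0.5", "2024-05-01T09:59:30", "new_service_installed"),
    ("10.0.0.9", "2024-05-01T08:00:00", "auth_success"),
]


def parse_flows(text):
    """Parse the CSV export into dicts with datetime timestamps and int fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ts": datetime.fromisoformat(row["ts"]),
            "src": row["src"], "dst": row["dst"],
            "dport": int(row["dport"]), "bytes": int(row["bytes"]),
        })
    return rows


def find_beacons(flows, min_flows=4, max_jitter=0.1):
    """Flag (src, dst, dport) conversations whose inter-flow gaps are nearly
    constant: coefficient of variation of the gaps below max_jitter (assumed)."""
    by_conv = defaultdict(list)
    for f in flows:
        by_conv[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    beacons = []
    for (src, dst, dport), stamps in by_conv.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean < max_jitter:
            beacons.append({"src": src, "dst": dst, "dport": dport,
                            "interval_s": round(mean, 1), "count": len(stamps),
                            "first_seen": stamps[0]})
    return beacons


def correlate(beacons, events, window=timedelta(minutes=10)):
    """Attach the SIEM events seen on the beaconing host within `window`
    before its first beacon flow; this is the pivot an analyst would take."""
    out = []
    for b in beacons:
        lo, hi = b["first_seen"] - window, b["first_seen"]
        related = [etype for host, ts, etype in events
                   if host == b["src"] and lo <= datetime.fromisoformat(ts) <= hi]
        out.append({**b, "related_events": related})
    return out


def run():
    """End-to-end: parse flows, detect beacons, enrich with SIEM context."""
    return correlate(find_beacons(parse_flows(FLOWS_CSV)), SIEM_EVENTS)


if __name__ == "__main__":
    for hit in run():
        print(f"{hit['src']} -> {hit['dst']}:{hit['dport']} every "
              f"{hit['interval_s']}s ({hit['count']} flows); prior events: "
              f"{hit['related_events']}")
```

On the constructed data the flow-only view shows one suspiciously regular conversation; joining it with the host's failed logins and a new service install in the preceding minutes is what turns a statistical anomaly into something worth an investigation.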
We have a network monitoring tool that collects device, user and location attributes, and a machine learning model that helps track unusual activities and behavior that require investigation as part of our zero trust policy.
-Shiva, Director of Security Operations
The SecPro is a weekly security newsletter to help you stay sharp and upgrade your skills with trending threat insights, practical tutorials, hands-on labs, and useful resources. Build skills in as little as 10 minutes. Join the newsletter here.