University Effectively Using Anomaly Detection
Network monitoring technology initially developed at the University of New Brunswick several years ago eventually helped spawn Q1 Labs. Today UNB remains a beta tester and customer of the company's anomaly detection software.
The campus IT administration sees its role as enabling academic pursuits on the campus network, not tightly policing how machines on that network are used. Still, when there is a problem, such as unusual network traffic threatening to bring down the network or a malicious code attack breaking out and beginning to spread, the network administrators need to be able to respond quickly.
"When we face problems, it would be nice to just tell what is running across the communications lines," says Peter Jacobs, manager of communications and networks for the university.
About five years ago, UNB was running homegrown tools to monitor network traffic, but the university saw the requirement as more than it was willing to handle. Chris Newton, an IT specialist working at UNB at the time, started developing a new technology to meet the challenge.
The QRadar anomaly detection product from Q1 Labs is the result. UNB is a customer and early test site, and a close ally for research and product testing, continuing to feed ideas and suggestions for enhancements into Q1 Labs.
"The Internet used to be friendly," Jacobs says. "But now it's an untamed land that is dangerous to be hanging out in. The QRadar product is like a giant magnifying glass on the network, helping us to understand what is happening."
The monitoring lets the administrators know when they might need to increase bandwidth, and when something might need to be turned off, such as a worm launching an attack, or a student launching a scan of the university network for some reason.
By John Desmond
April 07, 2004