- An awareness of internet standards for protocol and port relationships – it must have a reference table of known common ports and their expected traffic types.
- A ground-truth source of network traffic that starts from the packet capture as observed crossing the enterprise’s copper or fiber Ethernet.
- The ability to search metadata extracted from the network traffic instead of having to comb through mountains of raw packet capture.
- The speed to query billions of indexed metadata database records to look for matching sessions that are guilty of protocol abuse.
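
The check these requirements describe, sketched over session metadata as an added example (not code from the original page or any product): each session's detected application protocol is compared with what the reference table expects on its destination port. The port table is a small constructed subset, and the record field names and sample sessions are assumptions made for illustration.

```python
from collections import defaultdict

# Reference table: (transport, destination port) -> application protocols expected there.
# A small constructed subset of well-known service assignments, not a complete list.
EXPECTED = {
    ("tcp", 22): {"ssh"},
    ("tcp", 25): {"smtp"},
    ("tcp", 53): {"dns"},
    ("udp", 53): {"dns"},
    ("tcp", 80): {"http"},
    ("udp", 123): {"ntp"},
    ("tcp", 443): {"tls"},
    ("udp", 443): {"quic"},
}

# Constructed session metadata records; field names are assumptions for this example.
SESSIONS = [
    {"id": 1, "src": "10.0.0.5", "dst": "198.51.100.7", "proto": "tcp", "dport": 443, "app": "tls"},
    {"id": 2, "src": "10.0.0.5", "dst": "203.0.113.9", "proto": "tcp", "dport": 443, "app": "ssh"},
    {"id": 3, "src": "10.0.0.8", "dst": "203.0.113.20", "proto": "udp", "dport": 53, "app": None},
    {"id": 4, "src": "10.0.0.8", "dst": "192.0.2.44", "proto": "tcp", "dport": 8443, "app": "tls"},
    {"id": 5, "src": "10.0.0.9", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "app": "HTTP"},
    {"id": 6, "src": "10.0.0.5", "dst": "203.0.113.9", "proto": "tcp", "dport": 53, "app": "tls"},
]

def classify(session):
    """Return None if the session is consistent or out of scope, else a finding label."""
    expected = EXPECTED.get((session["proto"].lower(), session["dport"]))
    if expected is None:
        return None  # port not in the reference table: no expectation to violate
    app = (session.get("app") or "").lower()
    if not app:
        return "unidentified"  # well-known port, but traffic matched no known protocol
    return None if app in expected else "mismatch"

def find_protocol_abuse(sessions):
    """Group flagged sessions by source host: {src: [(id, label, dport, app), ...]}."""
    findings = defaultdict(list)
    for s in sessions:
        label = classify(s)
        if label:
            findings[s["src"]].append((s["id"], label, s["dport"], s.get("app")))
    return dict(findings)

if __name__ == "__main__":
    for src, hits in sorted(find_protocol_abuse(SESSIONS).items()):
        print(src, hits)
```

Keying the table on transport as well as port keeps TCP/443 and UDP/443 from sharing one expectation, and grouping by source host shows when one endpoint accounts for several flagged sessions.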
Visit the Series Intro to see a complete list of the analytics covered.