The University of Adelaide is rolling out a network behaviour analysis and response solution to gain 100 per cent insight into routed traffic in order to identify anomalies such as worms and interface congestion.

The university's network is comprised of approximately 1,000 infrastructure devices with nearly 10,000 hosts active on the network at any given time.

By using the StealthWatch System, the solution analyzes NetFlow traffic information from the university's 25 Cisco routers to provide a detailed view of activity.

Provided by Lancope, the solution allows the university to quickly and easily investigate potential issues related to security, network operations and applications.

The university's network operation and information security team leader, Lindsay Whitbread, said this type of tool is a 'must have' for any busy network.

Whitbread said it also detects intrusion attempts and can block hosts scanning the network for vulnerabilities, preventing security breaches before they occur.

It also helped application administrators quickly investigate the network connections associated with a server, which is performing unexpectedly.

Prior to implementing the solution, Whitbread said the team invested significant time and resources developing scripts to create NetFlow reports and to identify important network events.

"Only one staff member could drive the system, which often meant missing important network incidents until some time after an event occurred," he said.

"Now several people can effectively analyze NetFlow information in real time without requiring specialized training."

The University imports Cisco PIX firewall logs into the StealthWatch management console to give operations staff additional network behavior data.

This is in addition to the D-1000 identity appliance used to associate users with corresponding IP addresses to help network operations staff quickly identify individuals responsible for suspect network activity.

"This solution has dramatically increased our network visibility; we have gone from analyzing 10 per cent of network connections to 95 per cent or higher," he said.

"Tasks which we used to avoid because of the effort required, are now performed quickly and efficiently."

When seeking out a solution, Whitbread said the user interface was a key consideration.

"The tabbed layout in the GUI gives us an intuitive way to run several reports in parallel, so we can quickly and easily verify all aspects of a network incident, including the behavior of key hosts, historical incidents of a similar nature and other trends," he said.

Lancope's VP of international field operations, David Schwickerath, said the university has been able to harness the system to achieve real bottom-line benefits like decreased user downtime, better data security and greater IT staff efficiency.