Breach detection can prove harder than prevention

26.01.2007

An emerging class of network behavior analysis tools from vendors such as Arbor Networks Inc., Mazu Networks and Lancope Inc. is beginning to give companies a way to more quickly detect unusual or suspicious network behaviors, according to a November Gartner Inc. report. The products work by analyzing traffic and creating a baseline model of typical network behavior. They can then be used to generate real-time alerts when behavior strays from that norm.

Such products are designed to provide a defense against unknown vulnerabilities and threats, said Marty Roesch, chief technology officer and founder of SourceFire Inc., a Columbia, Md.-based vendor of network behavior analysis products. "It is somewhat naive to assume that people are going to be able to craft detection capabilities for every possible break-in," he said. Behavior analysis tools can enable a "continually updated awareness" of the network to detect patterns that might otherwise be missed.
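The baseline-then-alert approach described above, as an added sketch that is not taken from the article or from any of the vendors named: it learns each host's normal fan-out (distinct peers contacted per interval) and flags hosts that stray from it. The fan-out metric, the median/MAD threshold, the `k` and `floor` parameters and the sample flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def fan_out(flows):
    """Distinct (dst, port) peers per source host per interval."""
    peers = defaultdict(set)
    for interval, src, dst, port in flows:
        peers[(src, interval)].add((dst, port))
    counts = defaultdict(dict)
    for (src, interval), seen in peers.items():
        counts[src][interval] = len(seen)
    return counts

def build_baseline(counts, training):
    """Per-host (median, MAD) of fan-out over the training intervals."""
    baseline = {}
    for src, per_interval in counts.items():
        if not any(t in per_interval for t in training):
            continue  # host never seen in training: no norm to compare with
        values = [per_interval.get(t, 0) for t in training]
        med = median(values)
        baseline[src] = (med, median(abs(v - med) for v in values))
    return baseline

def detect(counts, baseline, interval, k=5.0, floor=3.0):
    """Return (host, observed, limit) for hosts straying from their norm."""
    alerts = []
    for src in sorted(counts):
        observed = counts[src].get(interval, 0)
        if src not in baseline:
            if observed:
                alerts.append((src, observed, None))  # talker with no baseline
            continue
        med, mad = baseline[src]
        limit = med + max(k * mad, floor)  # floor stops MAD=0 hosts alerting on noise
        if observed > limit:
            alerts.append((src, observed, limit))
    return alerts

def sample_flows():
    """Constructed flow records: (interval, src, dst, dst_port)."""
    flows = []
    for t in range(5):  # training intervals 0..4
        flows += [(t, "10.0.0.5", f"10.0.1.{n}", 443) for n in range(2 + t % 2)]
        flows += [(t, "10.0.0.9", f"10.0.2.{n}", 5432) for n in range(4)]
    flows += [(5, "10.0.0.5", f"10.0.3.{n}", 445) for n in range(40)]  # wide fan-out
    flows += [(5, "10.0.0.9", f"10.0.2.{n}", 5432) for n in range(4)]  # unchanged
    flows.append((5, "10.0.0.77", "10.0.2.1", 5432))  # host absent from training
    return flows

if __name__ == "__main__":
    counts = fan_out(sample_flows())
    for alert in detect(counts, build_baseline(counts, range(5)), interval=5):
        print(alert)
```

No signature for the activity is involved: the first host is flagged only because its fan-out departs from its own history, and the last because it has no history at all.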