Network worms propagate through your network rapidly by looking for hosts with common vulnerabilities, automatically exploiting those vulnerabilities to spread to those hosts, and finally using those hosts to spread even further. To find vulnerable systems, worm-infected machines scan around looking for hosts with similar weaknesses. This scanning behavior is distinctive and quite alarming if several internal systems show the same bad pattern in rapid succession.
NMAP and other “port scanning” tools show a very similar behavior; however, they may be scanning one or multiple systems on one or multiple ports. These kinds of scans are a very common reconnaissance technique used by attackers, and can serve as an early warning for other nasty attacks to come.
FlowTraq analyzes the traffic on your network to look for worm and scan behaviors. To avoid costly false positives FlowTraq actively learns from your traffic and remembers typical patterns, allowing you to focus on solving the real network threats.