Published on Nemertes Research (http://www.nemertes.com)
IT Searching For Red October?
By Ted Ritter
Created 2008-05-29 10:48

Two of my favorite movies are Crimson Tide and The Hunt for Red October. OK, so I’ve just aged myself… But I’m intrigued by sonar and how it’s used. There is active sonar, which sends out pings that generate that classic submarine sound: PINGggggggg! In IT terms, this is just like using Nessus to actively scan a firewall, looking for open ports and possible vulnerabilities: ping! But of course, just as the other ship, submarine or now-deaf whale knows when it has been actively scanned, so does a firewall.

Where it gets really interesting is when submarines run silent and rely on passive sonar to figure out what’s going on in the murky deep. As shown in movies (and this is the extent of my nautical knowledge), the passive sonar system can be used to detect sound and motion, possibly indicating a lurking target, or it could just be a whale with bad manners.

In the IT world, the equivalent of passive sonar is IT Search. It allows an operator to silently scan oceans of data and pull out subtle sounds (a drop or increase in event frequency) and motion (events that alter the normal flow of activity). Of course, just as with passive sonar, IT Search may find potential attacks or just system operators with bad operational manners.
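To make the "sound and motion" idea concrete, here is an added example (not part of the original post) that passively reads already-collected log lines and flags a drop or spike in per-minute event frequency, plus event types never seen during a baseline period. The log format, host name, event names and thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample: (minute, event type, number of log lines in that minute).
SAMPLE = [
    ("10:00", "login_ok", 20), ("10:01", "login_ok", 22),
    ("10:02", "login_ok", 19), ("10:03", "login_ok", 21),
    ("10:04", "login_ok", 3),                              # sudden quiet
    ("10:05", "login_ok", 20), ("10:05", "login_fail", 60),  # sudden noise
    ("10:06", "login_ok", 21), ("10:06", "audit_log_cleared", 1),
]

def make_lines(spec):
    """Expand the sample into raw lines: '<ISO timestamp> <host> <event>'."""
    return [f"2008-05-29T{m}:00 host1 {ev}" for m, ev, n in spec for _ in range(n)]

def bucket(lines):
    """Return per-minute line counts and the set of event types seen per minute."""
    per_min, types = Counter(), {}
    for line in lines:
        ts, _host, ev = line.split(maxsplit=2)
        minute = datetime.fromisoformat(ts).strftime("%H:%M")
        per_min[minute] += 1
        types.setdefault(minute, set()).add(ev)
    return per_min, types

def listen(lines, baseline_windows=4, factor=2.0):
    """Flag frequency changes ("sound") and unfamiliar events ("motion").

    The first `baseline_windows` minutes define normal volume and known events.
    A minute with no lines at all never appears in the counts, so a total
    silence needs a separate gap check that this sketch does not include.
    """
    per_min, types = bucket(lines)
    minutes = sorted(per_min)
    base = minutes[:baseline_windows]
    normal = median(per_min[m] for m in base)
    known = set().union(*(types[m] for m in base))
    findings = []
    for m in minutes[baseline_windows:]:
        n = per_min[m]
        if n * factor < normal:
            findings.append((m, "drop", n))
        elif n > normal * factor:
            findings.append((m, "spike", n))
        for ev in sorted(types[m] - known):
            findings.append((m, "new_event", ev))
    return findings

if __name__ == "__main__":
    for finding in listen(make_lines(SAMPLE)):
        print(finding)
```

As with the whale, each finding is only a lead: the quiet minute or the new event type still has to be explained by an operator.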

The Nemertes Research Group Inc. Copyright ©2002-2008

Source URL (retrieved on 2008-12-03 01:12): http://www.nemertes.com/analyst_blogs/it_searching_red_october