<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

Is Network Traffic Analysis (NTA) dead in an age of Network Detection and Response (NDR)?

Organizations seeking to proactively identify and respond to cyber threats in order to mitigate their security risk are looking to deploy advanced Network Detection and Response (NDR) solutions. 

This emerging product category has its origins in network intrusion detection, network-based threat hunting and incident investigation. 

In recent months, the research firm Gartner has adopted this terminology while deprecating their previously-used term, Network Traffic Analysis, or NTA. 

Does this mean NTA is dead? 

We don’t think so.

NTA is the process of intercepting, recording, and analyzing network traffic communication patterns as a means of detecting and responding to security threats.

Interestingly, Gartner earlier this year stated in its Top Ten Gartner Client Topics for Emerging Technologies for the first quarter of 2020, that technologies such as NTA, digital risk management, secure access service edge, and zero trust network access are emerging as critical needs for organizations.

Those needs are being driven by the new working environment that includes a wider adoption of digital technologies to support a large work-from-home employee base.

At Stamus Networks, we believe the term still has merit. 

Gartner, in a post covering its report on applying network-centric approaches for threat detection and response, said “high-maturity clients use [NTA] and other network-based technologies as one of the layers in their security operations centers [SOCs], alongside endpoint-, log- and cloud-based technologies for threat visibility. Some clients use network-based technologies as their sole threat detection tool.”

NTA is a Set of Capabilities, Not a Product Category

But rather than think of it as a product category, we at Stamus Networks use the term to refer to a set of critical features that are embedded in our Network Detection and Response solution, Scirius Security Platform

The reason is simple: when cyber security teams are searching for security threats through network threat hunting and investigating suspected incidents, the context provided by knowing what’s happening on the network is vital. And one of the key sources of that context is network traffic analysis (NTA).

We will dig into this more deeply in upcoming articles in this space.

Related posts

Suricata: The First 12 Years of Innovation

Suricata, the open source intrusion detection (IDS), intrusion prevention (IPS), and network secu..........

Network Intrusion Detected with Suspicious User Agents - Uncovered by SSP

Stamus Networks Network Detection and Response (NDR) solution helps ba..........

Uncovered with SSP: Shadow IT

In this series of articles, we explore a set of use cases that we have encountered in real-world ..........