
Is Network Traffic Analysis (NTA) dead in an age of Network Detection and Response (NDR)?

Organizations seeking to proactively identify and respond to cyber threats in order to mitigate their security risk are looking to deploy advanced Network Detection and Response (NDR) solutions. 

This emerging product category has its origins in network intrusion detection, network-based threat hunting and incident investigation. 

In recent months, the research firm Gartner has adopted this terminology while deprecating their previously-used term, Network Traffic Analysis, or NTA. 

Does this mean NTA is dead? 

We don’t think so.

NTA is the process of intercepting, recording, and analyzing network traffic communication patterns as a means of detecting and responding to security threats.

Interestingly, earlier this year Gartner stated in its Top Ten Gartner Client Topics for Emerging Technologies for the first quarter of 2020 that technologies such as NTA, digital risk management, secure access service edge, and zero trust network access are emerging as critical needs for organizations.

Those needs are being driven by the new working environment that includes a wider adoption of digital technologies to support a large work-from-home employee base.

At Stamus Networks, we believe the term still has merit. 

Gartner, in a post covering its report on applying network-centric approaches for threat detection and response, said “high-maturity clients use [NTA] and other network-based technologies as one of the layers in their security operations centers [SOCs], alongside endpoint-, log- and cloud-based technologies for threat visibility. Some clients use network-based technologies as their sole threat detection tool.”

NTA is a Set of Capabilities, Not a Product Category

But rather than think of it as a product category, we at Stamus Networks use the term to refer to a set of critical features that are embedded in our Network Detection and Response solution, Stamus Security Platform (SSP).

The reason is simple: when cyber security teams are searching for security threats through network threat hunting and investigating suspected incidents, the context provided by knowing what’s happening on the network is vital. And one of the key sources of that context is network traffic analysis (NTA).

Network detection and response (NDR) represents the state of the art in network security: it combines the functionality of legacy IDS and NSM systems and adds anomaly detection, host insights, high-fidelity Declaration of Compromise, guided threat hunting, and automated alert triage.

D. Mark Durrett

Mark is the chief marketing officer (CMO) at Stamus Networks, where he has responsibility for go-to-market strategy and execution. Mark started his career as an electrical engineer and worked in digital circuit design of networking and telecom hardware for over a decade. He has over 25 years of experience leading marketing, product management and engineering for technology companies. Mark has served as the senior product and marketing executive at Netsertive, Emerging Threats, Overture Networks, Bell and Howell, Covelight Systems and Hatteras Networks. Mark resides in North Carolina, USA.
