
Is Network Traffic Analysis (NTA) dead in an age of Network Detection and Response (NDR)?

Organizations seeking to proactively identify and respond to cyber threats in order to mitigate their security risk are looking to deploy advanced Network Detection and Response (NDR) solutions. 

This emerging product category has its origins in network intrusion detection, network-based threat hunting and incident investigation. 

In recent months, the research firm Gartner has adopted this terminology while deprecating its previously used term, Network Traffic Analysis, or NTA.

Does this mean NTA is dead? 

We don’t think so.

NTA is the process of intercepting, recording, and analyzing network traffic communication patterns as a means of detecting and responding to security threats.

Interestingly, Gartner stated earlier this year, in its Top Ten Gartner Client Topics for Emerging Technologies for the first quarter of 2020, that technologies such as NTA, digital risk management, secure access service edge, and zero trust network access are emerging as critical needs for organizations.

Those needs are being driven by the new working environment that includes a wider adoption of digital technologies to support a large work-from-home employee base.

At Stamus Networks, we believe the term still has merit. 

Gartner, in a post covering its report on applying network-centric approaches for threat detection and response, said “high-maturity clients use [NTA] and other network-based technologies as one of the layers in their security operations centers [SOCs], alongside endpoint-, log- and cloud-based technologies for threat visibility. Some clients use network-based technologies as their sole threat detection tool.”

NTA is a Set of Capabilities, Not a Product Category

But rather than think of it as a product category, we at Stamus Networks use the term to refer to a set of critical features that are embedded in our Network Detection and Response solution, Scirius Security Platform.

The reason is simple: when cyber security teams are searching for security threats through network threat hunting and investigating suspected incidents, the context provided by knowing what’s happening on the network is vital. And one of the key sources of that context is network traffic analysis (NTA).

We will dig into this more deeply in upcoming articles in this space.
