1. Visibility, ability to provide deep insight into all of the network traffic.
2. Analytic engines, the ability to use multiple detection engines like ML-based, Zeek, Suricata, etc.
3. Scale, ability to address policy requirements for N/S and E/W deployments on-prem or in the cloud along with scaleable retention (weeks/months) for PCAP or network metadata.
4. Any and all NTA solutions need to be able to ingest threat intel and be able to integrate easily into SOAR and SIEM solutions.
What is NTA? Network Traffic Analysis is a type of security product that uses network communications to detect and investigate security threats and malicious or anomalous behaviors within the network. NTA uses a combination of behavioral modeling, machine learning, and rule-based detection to create a baseline reflecting what the organization’s normal network behavior looks like. They then continuously analyze flow records and/or network telemetry, and alert your security team to a...
1. Visibility, ability to provide deep insight into all of the network traffic.
2. Analytic engines, the ability to use multiple detection engines like ML-based, Zeek, Suricata, etc.
3. Scale, ability to address policy requirements for N/S and E/W deployments on-prem or in the cloud along with scaleable retention (weeks/months) for PCAP or network metadata.
4. Any and all NTA solutions need to be able to ingest threat intel and be able to integrate easily into SOAR and SIEM solutions.
5. It needs to fit with budget!
Thanks @Nicholas Arraje this is really useful.