1. Visibility, ability to provide deep insight into all of the network traffic.
2. Analytic engines, the ability to use multiple detection engines like ML-based, Zeek, Suricata, etc.
3. Scale, ability to address policy requirements for N/S and E/W deployments on-prem or in the cloud along with scaleable retention (weeks/months) for PCAP or network metadata.
4. Any and all NTA solutions need to be able to ingest threat intel and be able to integrate easily into SOAR and SIEM solutions.