1. Visibility, ability to provide deep insight into all of the network traffic.
2. Analytic engines, the ability to use multiple detection engines like ML-based, Zeek, Suricata, etc.
3. Scale, ability to address policy requirements for N/S and E/W deployments on-prem or in the cloud along with scaleable retention (weeks/months) for PCAP or network metadata.
4. Any and all NTA solutions need to be able to ingest threat intel and be able to integrate easily into SOAR and SIEM solutions.
Network Traffic Analysis (NTA) is used to monitor, analyze, and optimize the flow of network traffic to identify performance issues, security threats, and ensure efficient data handling.
NTA tools enable organizations to visualize network activity in real-time and support historical data analysis. Users can detect anomalies, uncover hidden threats, and optimize their IT infrastructure. Advanced NTA solutions offer machine learning capabilities to automate threat detection and response,...
1. Visibility, ability to provide deep insight into all of the network traffic.
2. Analytic engines, the ability to use multiple detection engines like ML-based, Zeek, Suricata, etc.
3. Scale, ability to address policy requirements for N/S and E/W deployments on-prem or in the cloud along with scaleable retention (weeks/months) for PCAP or network metadata.
4. Any and all NTA solutions need to be able to ingest threat intel and be able to integrate easily into SOAR and SIEM solutions.
5. It needs to fit with budget!
Thanks @Nicholas Arraje this is really useful.