Detection in the network has historically been done based on either signatures or reputation lists. Both of these technologies have some severe limitations.
- Signatures are reactive: they detect only attacks that have already been seen somewhere else.
- Signature detection can easily be verified and evaded by the attacker.
- Reputation lists are also reactive, and they generally cause many false positives and false negatives.
Network Traffic Analysis (NTA) technology introduces a new approach to detecting threats that does not depend on signatures or reputation lists.
Instead of attempting to create a unique fingerprint for each individual threat, these platforms seek out the fundamental actions and behaviours that threats must perform to succeed.
By looking at network traffic, enriching it, and then applying machine learning and behaviour analytics, NTA technology detects infected hosts and prioritizes them based on risk.
If you think of a sentence as an analogy, a signature tries to give every subject a proper name, while NTA focuses on the verb. While the names may change, the malicious action remains the same.
- No endpoint technology needs to be deployed.
- Provides real-time threat visibility into cloud and data center workloads, servers, laptops, printers, BYOD and IoT by extracting and analysing metadata from packets.
- Enables detection of threats that do not generate events that can be used for threat detection.
- Enables detection of breaches into platforms that cannot have endpoint detection deployed.