Gartner recently released its Market Guide for Network Traffic Analysis (NTA), an invaluable tool for organizations looking to assess and compare the wide variety of Network Traffic Analysis solutions on the market. Modern organizations have seen a massive expansion of their cyber terrain as they have had to contend with a higher number of cloud services, distributed devices, more network traffic and additional endpoints. As the cyber terrain has grown, organizations have had to evolve their defensive strategies, moving from perimeter-focused security to more comprehensive strategies that emphasize holistic visibility of the cyber terrain.
In this blog, we will discuss what makes for a good NTA solution, why we believe Fidelis Cybersecurity was selected as a Representative Vendor for Network Traffic Analysis, and what differentiates the Fidelis platform from other NTA solutions.
What is Network Traffic Analysis?
With such a wide range of products describing themselves as “Network Traffic Analysis” solutions, it is first important to realize that not all NTA solutions are created equal. Because of this, it is useful to establish a working definition. Gartner defines Network Traffic Analysis (NTA) as a solution that “uses a combination of machine learning, advanced analytics and rule-based detection to detect suspicious activities on enterprise networks.” According to the Gartner NTA Market Guide, a Network Traffic Analysis vendor must:
Emphasize the threat detection phase of an attack rather than the forensics phase (for example, packet capture (PCAP) analysis)
What to Look for When Buying an NTA Solution
In the NTA Market Guide, Gartner emphasized the growing importance of Detection and Response capabilities in an NTA solution. Remember, at the end of the day, it is more than just analytics: it is tying that understanding of the network traffic into your overall detection and response capability. As cyber attackers continue to innovate and evolve their capabilities (increasingly with the help of adversarial machine learning), early detection and response remains one of the most effective strategies for defending enterprises against malicious actors. Unfortunately, cyber attacker dwell time is currently measured in months instead of hours or days; this gives attackers ample time to collect information, move throughout the network, and damage or exfiltrate enterprise data.
Cyber attackers typically leverage multiple tactics to evade security tools, but in doing so they also create more opportunities for analysts to find them. Leading network traffic analysis (NTA) technology captures, processes, and analyzes network traffic to detect and investigate data that may indicate a cyber-attack. Typical network traffic analysis solutions use a combination of machine learning, advanced analytics and rule-based detection to detect suspicious activities on enterprise networks.
Detection
To remedy the current dwell time situation, organizations need better options for both automated and manual detection. Ultimately, this is a visibility issue: many organizations lack the holistic visibility of their cyber environment that is needed to detect threats in cyber-relevant time. Ideal network traffic analysis solutions should aim to give organizations deep visibility into their own cyber terrain, as well as into the tactics and techniques that attackers use to infiltrate networks, expand control, and entrench themselves.
Response
As with detecting threats, responding to threats effectively ultimately boils down to how much information you have at your disposal. Network Traffic Analysis solutions should therefore prioritize giving incident responders the tools they need to quickly make risk-based decisions. Visibility spanning network and cloud traffic through to endpoint activity is a must for understanding the who, what, when, where, and how, in addition to the tools and automation needed to resolve issues as quickly as possible.
What Sets Fidelis Apart?
We believe Fidelis Cybersecurity is noted as a Representative Vendor for providing the above capabilities and much more, including bi-directional visibility across all ports and protocols, retrospective detection and analysis of rich metadata against the latest threat intelligence, consolidation of similar alerts and evidence to speed alert triage, profiling of TLS-encrypted traffic, and seamless integration with Fidelis Endpoint to automate response actions.
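To make the capabilities named above concrete (rule-based detection over network metadata as described in the NTA definition, retrospective matching of retained metadata against newly arrived threat intelligence, and consolidation of similar alerts for triage), here is an added illustration in Python. It is not Fidelis code or an NTA product's logic; the flow records, the indicator feeds, the `factor` threshold and every function name are constructed for the example.

```python
"""
Toy NTA-style pipeline over constructed flow metadata:
  1. rule-based indicator matching (destination IP, TLS SNI),
  2. a simple per-host volumetric analytic,
  3. retrospective re-scan of retained metadata when a threat-intel feed is updated,
  4. consolidation of alerts that share host, rule and indicator.
Every record, indicator and threshold below is constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

# Constructed flow metadata, as a sensor might summarise it (no payloads retained).
FLOWS = [
    {"ts": 100, "src": "10.0.0.5", "dst": "203.0.113.10", "port": 443,  "sni": "updates.example.com", "bytes_out": 12_000},
    {"ts": 160, "src": "10.0.0.5", "dst": "203.0.113.10", "port": 443,  "sni": "updates.example.com", "bytes_out": 9_500},
    {"ts": 220, "src": "10.0.0.5", "dst": "198.51.100.7", "port": 443,  "sni": "cdn-sync.invalid",    "bytes_out": 11_000},
    {"ts": 300, "src": "10.0.0.5", "dst": "198.51.100.7", "port": 443,  "sni": "cdn-sync.invalid",    "bytes_out": 480_000_000},
    {"ts": 310, "src": "10.0.0.9", "dst": "192.0.2.44",   "port": 8443, "sni": None,                  "bytes_out": 2_000},
    {"ts": 320, "src": "10.0.0.9", "dst": "192.0.2.44",   "port": 8443, "sni": None,                  "bytes_out": 2_100},
]

# Constructed threat-intelligence feeds: V2 is a later update that adds a domain indicator.
INTEL_V1 = {"ip": {"192.0.2.44"}, "domain": set()}
INTEL_V2 = {"ip": {"192.0.2.44"}, "domain": {"cdn-sync.invalid"}}


@dataclass
class Alert:
    rule: str        # which detection fired
    src: str         # internal host the alert is about
    indicator: str   # what it matched (IP, domain) or the peer for analytics
    ts: int          # timestamp of the triggering flow
    evidence: dict   # the flow record itself, kept for triage


def rule_threat_intel(flow, intel):
    """Rule-based detection: destination IP or TLS SNI matches a known indicator."""
    if flow["dst"] in intel.get("ip", set()):
        return Alert("ti_ip_match", flow["src"], flow["dst"], flow["ts"], flow)
    if flow["sni"] and flow["sni"] in intel.get("domain", set()):
        return Alert("ti_domain_match", flow["src"], flow["sni"], flow["ts"], flow)
    return None


def rule_volume_outlier(flows, factor=20):
    """Simple analytic: flag a flow whose bytes_out exceeds `factor` x the host's median."""
    per_host = defaultdict(list)
    for f in flows:
        per_host[f["src"]].append(f["bytes_out"])
    alerts = []
    for f in flows:
        baseline = median(per_host[f["src"]])
        if baseline > 0 and f["bytes_out"] > factor * baseline:
            alerts.append(Alert("volume_outlier", f["src"], f["dst"], f["ts"], f))
    return alerts


def detect(flows, intel):
    """Run all detections over a batch of flows and return the raw alerts."""
    alerts = []
    for f in flows:
        hit = rule_threat_intel(f, intel)
        if hit:
            alerts.append(hit)
    alerts.extend(rule_volume_outlier(flows))
    return alerts


def retrospective_scan(retained_flows, old_intel, new_intel):
    """Re-run indicator matching over retained metadata using only indicators new to this feed."""
    added = {k: new_intel[k] - old_intel.get(k, set()) for k in new_intel}
    alerts = []
    for f in retained_flows:
        hit = rule_threat_intel(f, added)
        if hit:
            alerts.append(hit)
    return alerts


def consolidate(alerts):
    """Group alerts sharing (src, rule, indicator) into one record with all evidence attached."""
    groups = {}
    for a in alerts:
        key = (a.src, a.rule, a.indicator)
        g = groups.setdefault(key, {"src": a.src, "rule": a.rule, "indicator": a.indicator,
                                    "count": 0, "first_ts": a.ts, "last_ts": a.ts, "evidence": []})
        g["count"] += 1
        g["first_ts"] = min(g["first_ts"], a.ts)
        g["last_ts"] = max(g["last_ts"], a.ts)
        g["evidence"].append(a.evidence)
    return sorted(groups.values(), key=lambda g: (g["src"], g["rule"]))


if __name__ == "__main__":
    for g in consolidate(detect(FLOWS, INTEL_V1)):
        print("live ", g["src"], g["rule"], g["indicator"], "x", g["count"])
    for g in consolidate(retrospective_scan(FLOWS, INTEL_V1, INTEL_V2)):
        print("retro", g["src"], g["rule"], g["indicator"], "x", g["count"], g["first_ts"], "-", g["last_ts"])
```

With the constructed data, the live pass raises two indicator alerts for 10.0.0.9 and one volume outlier for 10.0.0.5, and consolidation folds the two indicator hits into a single triage record. When the feed update arrives, the retrospective scan runs only the newly added domain indicator over retained metadata, so the earlier `cdn-sync.invalid` sessions surface as one consolidated alert spanning their first and last timestamps; that is the value of keeping metadata rather than only acting on traffic as it passes.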
Key benefits of the Fidelis platform include:
Download your free copy of the 2019 Gartner Market Guide for Network Traffic Analysis.