What is Network Traffic Analysis (NTA)?
NTA feeds network traffic information into a platform and performs Deep Packet Inspection (DPI) to identify at least 4000 applications and build behavior models on the network traffic.
What is Network Detection and Response (NDR)?
NDR takes the rich data provided by NTA and correlates it to detect anomalous and potentially detrimental behavior. Next, action is taken based on pre-determined playbooks to halt unapproved activities.
The power of deep-packet inspection with the ability to analyze and act on unwanted behaviors means quicker action on bad actors. Together, the impact of an incident is minimized.
Benefits of Managed NTA/NDR
NTA/NDR tools are powerful, but powerful tools also require management and monitoring to realize their full ability. Gain superior security and offload tactical management by utilizing BriteProtect’s managed NTA/NDR service to remove alert fatigue and achieve better accuracy.
Powerful, yet light-weight sensors with a DPI engine are able to monitor both east/west and north/south traffic.
Leverage Existing NGFW
By leveraging your existing NGFW infrastructure, deployments are easy and full coverage is obtained.
Complete Cloud Visibility
Complete visibility across public, private and hybrid cloud environments.
Identify Assets Automatically
Identify assets, users and applications and their associated risk automatically.
Machine Learning Detection
Machine learning driven by use cases provides detection with supervised, unsupervised ML and deep learning and eliminates false positives.
Create context to investigate and respond to attacks quickly and directly through the platform.
Managed NTA and NDR Services
Configuration and Maintenance
To have real-time NTA and NDR functions, data from a NGFW must be properly fed into the platform. Next, data is reduced to relevant metadata, including payload data to provide a significant reduction in the amount of storage necessary. Proper initial setup and maintenance are critical to see all data and reduce storage needs.
- Appliance Set-up & Configuration
- Software & Firmware Updates
- Subscription, Signatures and Intelligence Feed Updates
Software Tuning and Policy Refinement
Like most security tools, NTA and NDR are not set and forget. They require careful tuning and management. Utilize a wide variety of out-of-the-box detections or have custom ones built to fit your organization’s needs.
Out-of-the-Box Detections Include:
- Application Usage Anomalies
- Long App Session Anomalies
- Unapproved Asset Activity
- Anomalies Firewall Behavior
Once abnormalities are detected, proper alerting and response is needed to truly protect an organization. Brite’s security analysts will investigate and respond to alerts based on pre-determined playbooks. When link with BriteProtect’s XDR service, automated response options become available.
- Playbook Development
- Automated Incident Response