Why Network Traffic Analysis Evolved
Any attacker attempting to gain unauthorized access to resources or steal valuable data will have to communicate across their target network at some point. Command and control, reconnaissance, lateral movement, and data exfiltration are all fundamental steps in a targeted attack, and they're all detectable on the network if you know what to look for. That means observed network data is the best source of insight about ongoing attacks.
At the same time, extracting timely insights from network traffic and knowing how to act upon them are increasingly challenging. Many parts of the network remain opaque to SecOps teams due to encrypted data, complex hybrid networks, cloud and containerized applications, operational data silos, and many other circumstances.
The network is full of darkspace, and hackers know it. Sophisticated hackers increasingly leverage these blind spots to hide their tracks.
Now, more than ever, SecOps needs visibility, insights, and answers from the network, and a new product category is emerging to help provide them at a speed and scale that has never before been possible. The category is called Network Traffic Analysis (NTA), and industry analysts from 451 Research, Gartner, EMA, SANS, (ISC)² and others have written with interest and excitement about the possibilities opened up by the new category.
In fact, in late February 2019, Gartner published their first Market Guide for Network Traffic Analysis, which we highly recommend you read as an introduction to the space and its Representative Vendors. (Full disclosure: ExtraHop is one of the 17 vendors included in the guide.)
NTA for Enterprise SecOps Teams
In a sea of confusing and proliferating vendors targeting every aspect of cybersecurity, we thought it would be valuable to clarify exactly what Network Traffic Analysis for the enterprise means, why it is so urgent, and what capabilities set enterprise NTA apart from those laid out in Gartner's Market Guide.
Check out this 6-minute video to learn how Network Traffic Analysis can illuminate the darkspace in the enterprise so SecOps teams can detect and respond to threats quickly and confidently: