Research Report

2019 Gartner Market Guide for Network Traffic Analysis

Gartner defines Network Traffic Analysis (NTA) as a solution that “uses a combination of machine learning, advanced analytics and rule-based detection to detect suspicious activities on enterprise networks.”

According to the Gartner NTA Market Guide, a Network Traffic Analysis vendor must:

  • Analyze raw network packet traffic or traffic flows (for example, NetFlow records) in real time or near real time
  • Have the ability to monitor and analyze north/south traffic (as it crosses the perimeter), as well as east/west traffic (as it moves laterally throughout the network)
  • Be able to model normal network traffic and highlight anomalous traffic
  • Offer behavioral techniques (non-signature-based detection), such as machine learning or advanced analytics, that detect network anomalies
  • Be able to emphasize the threat detection phase, rather than the forensics — for example, packet capture (PCAP) analysis — phase of an attack

We believe Fidelis Cybersecurity is noted as a Representative Vendor for providing the above capabilities and much more, including bi-directional visibility across all ports and protocols, and the ability to retrospectively detect and analyze rich metadata against the latest threat intelligence, consolidate similar alerts and evidence to speed alert triage, profile TLS-encrypted traffic, and seamlessly integrate with Fidelis Endpoint to automate response actions.

Learn from Gartner About the Key Components of an NTA Solution