Gartner Blog Network

Category: 'nta' Blog Posts

Tricky: Will UEBA and NTA Ever Merge?

by Anton Chuvakin  |  February 13, 2019

Here is an obvious, but not really obvious question: will UEBA and NTA ever merge? Admittedly, normal security people who don’t care about the changing tides of vendors and markets...

Webinar Q&A from Modern Network Threat Detection and Response

by Anton Chuvakin  |  February 11, 2019

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity....

Upcoming Webinar: Modern Network Threat Detection and Response

by Anton Chuvakin  |  January 21, 2019

Here is my next Gartner webinar; this one is focused on network traffic use for detection and response. Title: Modern Network Threat Detection and Response Date: January 29, 2019 Time:...

Is Encryption an NTA / NIDS / NFT Apocalypse?

by Anton Chuvakin  |  November 16, 2018

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it...

Let’s Go Fight IT for Logs? Agents? Taps?

by Anton Chuvakin  |  November 1, 2018

This is a depressing post about security in the real world (what … another one?) In any case, we are having those enlightened debates about log analysis (via SIEM/UEBA), network...

NTA: The Big Step Theory

by Anton Chuvakin  |  October 25, 2018

Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for...

Network Anomaly Detection Track Record in Real Life?

by Anton Chuvakin  |  October 15, 2018

As I allude here, my long-held impression is that no true anomaly-based network IDS (NIDS) has ever been successful commercially and/or operationally. There were some bits of success, to be...

Can We Have NDR, Please?

by Anton Chuvakin  |  September 28, 2018

We have EDR (thanks Anton!), but can we also have NDR – if only to make the world of acronyms more consistent? Instead, today we have NIDS (detection that is...

NTA: The Other IDS?

by Anton Chuvakin  |  September 20, 2018

Have you ever wondered why academic literature - however silly much of infosec academic research is - always talks about “signature-based IDS” (“misuse”) and “anomaly-based IDS” (“abuse”), but most industry...
