Optiv Cybersecurity Dictionary

What is NTA (Network Traffic Analysis) and NBA (Network Behavior Analysis)?

Network traffic analysis (NTA) and network behavior analysis (NBA) are fairly similar terms for technologies that use advanced analytics, machine learning and rule-based techniques to detect suspicious activity on enterprise networks.


NTA tools analyze raw traffic and/or flow records (for example, NetFlow), build models that reflect the normal behavior of the devices and users generating traffic on the network, and trigger alerts when traffic deviates from that baseline. NetFlow-type data indicates only which devices are communicating over the network and the volume of their conversations. It is generally considered lower fidelity than raw traffic (the actual content of the conversations themselves).

Unfortunately, raw traffic is increasingly encrypted, even within the enterprise network. Network analytics therefore often requires systems to decrypt the ubiquitous SSL/TLS protocols so that analysis can be conducted without compromising the security of the underlying data.

Network analysis tools can be used to monitor both north-south traffic on an enterprise network and east-west traffic (sometimes called lateral communications) between systems in a data center.
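
The baseline-and-deviation approach described above, sketched as an added example (not Optiv's code or any product's implementation). It works on flow metadata only (who talked to whom, and how much); the flow records, addresses, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (time window, source, destination, bytes).
BASELINE_FLOWS = [
    (0, "10.0.0.5", "10.0.1.10", 1200), (0, "10.0.0.5", "10.0.1.11", 800),
    (1, "10.0.0.5", "10.0.1.10", 1100), (1, "10.0.0.5", "10.0.1.11", 950),
    (2, "10.0.0.5", "10.0.1.10", 1300), (2, "10.0.0.5", "10.0.1.11", 700),
    (0, "10.0.0.7", "10.0.1.10", 400),
    (1, "10.0.0.7", "10.0.1.10", 500),
    (2, "10.0.0.7", "10.0.1.10", 450),
]
NEW_FLOWS = [  # constructed: 10.0.0.7 contacts a new peer and moves far more data
    (3, "10.0.0.5", "10.0.1.10", 1250), (3, "10.0.0.5", "10.0.1.11", 800),
    (3, "10.0.0.7", "10.0.1.10", 480),
    (3, "10.0.0.7", "10.0.2.99", 90000),
]

def per_window_totals(flows):
    """Aggregate bytes per source per window and collect each source's peers."""
    totals = defaultdict(lambda: defaultdict(int))
    peers = defaultdict(set)
    for window, src, dst, nbytes in flows:
        totals[src][window] += nbytes
        peers[src].add(dst)
    return totals, peers

def build_baseline(flows):
    """Model 'normal' per device: mean/std of bytes per window and known peers."""
    totals, peers = per_window_totals(flows)
    return {src: {"mean": mean(w.values()), "std": pstdev(w.values()),
                  "peers": peers[src]} for src, w in totals.items()}

def detect(baseline, flows, k=3.0, min_std=50.0):
    """Return alerts for devices whose traffic deviates from the baseline."""
    totals, peers = per_window_totals(flows)
    alerts = []
    for src in sorted(totals):
        model = baseline.get(src)
        if model is None:  # device never seen while the baseline was built
            alerts.append((src, "unknown-device", None))
            continue
        for dst in sorted(peers[src] - model["peers"]):
            alerts.append((src, "new-peer", dst))
        # min_std keeps a very quiet device from alerting on tiny changes
        limit = model["mean"] + k * max(model["std"], min_std)
        for _window, total in sorted(totals[src].items()):
            if total > limit:
                alerts.append((src, "volume", total))
    return alerts
```
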

