Earlier last year, Anton Chuvakin of Gartner posted a question I’ve spent the past few years focused on. Actually, I’ve focused on it since working in the Network Security Wizards office on the Dragon IDS back in Y2K, back when it was called Y2K.

In the post, Anton posits the question, “But can somebody please explain to me why NBA then and NTA now is not just another kind of network intrusion detection system?”

Earlier in the post, NTA is defined as (my emphasis added): “This Gartner term (NTA for ‘Network Traffic Analysis’) is essentially our view of the evolution of NBA (network behavior analysis) or NBAD of the olde times. IMHO, NTA was born to separate the old, mostly flow-based (layer-3) technology from the modern layer-7 based tech …”

The answer is simple, but to understand the difference between 1990s intrusion detection systems (IDS) and current NTA solutions, it’s important to understand how the enterprise perimeter has changed, how network traffic has changed, how endpoints have changed, and how attacker MOs have changed.

By Gary Golomb

