Network Traffic Analysis (NTA) Features

Read what people say are the most valuable features of the solutions they use.
John Chesson says in an Awake Security Platform review
Chief Security Officer
The most valuable feature is the ability to see suspicious activity for devices inside my network. It helps me to quickly identify that activity and do analysis to see if it's expected or I need to mitigate that activity quickly. One of the best use cases was when we knew that one of our vendors that came into our site had a ransomware event at their corporation. I was able to quickly find his device using the Awake system and determine that there was no threat in our system. Something like that usually would have taken four to five hours. It took me about five minutes. Also, the Security Knowledge Graph is a display of the devices and the activities that we see. It doesn't use a heat map but it uses the size of a bubble - a circle representing a device that's probably highest on the threat list - and shows what all the connections are. That provides a great visual, at a glance, of what's going on in my environment at any one time. I really like that feature. I use the solution to identify and assess IoT solutions, if they connect to our network. The guest network is the best example. People use the guest network to connect to the thermostat or their Apple Watch. I can see that activity. If it's a network IoT type of thing, like a call system or Amazon Echo, I'm going to see that activity on our network and Awake should be able to call that up pretty quickly.
reviewer1160664 says in a Darktrace review
Infrastructure Architect at a tech vendor with 201-500 employees
The most valuable aspect of this solution is that it has very efficient search functionality.
reviewer1217625 says in an Awake Security Platform review
Head of Cyber Threat Operations at an energy/utilities company with 1,001-5,000 employees
There are quite a few valuable features. The most valuable aspect of the tech is the fact that it's like a "force-multiplier." It will reduce the amount of time and effort it takes to triage a potential compromise. That's important because, in everyday slang, time is money. If you've ever done a business-impact analysis — business continuity — if an attacker can reduce the confidentiality, integrity, or availability of a given system, it will have a financial impact. The quicker you can eliminate or mitigate the compromise, or avoid it altogether, the less money you are looking at spending to recover from a hack. If you can discover it, and detect it, and prevent it before the attack is successful, you actually have a return on investment. The Security Knowledge Graph tries to centralize things that are notable in the environment. Awake uses a lot of AI and ML to bring to an analyst's attention things that should be of concern. It reduces the amount of searching that an analyst has to do to find notable events or devices. It collates all that and it puts it in one spot. So if you have a device that is beaconing out to a malicious IP, to download malware or the like, Awake will see that and it will alert the analyst right away, rather than the analyst trying to find it in aggregate data. The data science capabilities of Awake Security are very strong. For a network traffic-analysis platform, it's definitely the best in industry. Vectra AI and Darktrace do similar things, but they don't leverage the math the same way that Awake does. As for the solution’s encrypted traffic analysis, encrypted traffic is the next nut to crack in logging and monitoring. What they're trying to look for are different cipher suites that can be used to encrypt potentially malicious traffic. It's trying to do something that no one else is really doing. The solution helps us monitor devices used on our network by insiders, contractors, partners, and suppliers. 
That's the "meat and potatoes" of what the technology does. If there's a device on the network, it doesn't matter who it's owned by. If it's on the network Awake will see it. Finally, the cloud TAPs for visibility into cloud infrastructure are 100 percent necessary. I don't know how else you're going to see it.
MohamedEl Azzouzi says in a Nagios Network Analyzer review
Production Systems Engineer at Sofrecom
The solution offers very good system monitoring. It's easy to manage your network, as well as your hardware and software. It's really useful.
reviewer1151310 says in a Cisco Stealthwatch review
Chief Consultant at a tech services company with 11-50 employees
The most valuable feature is anomaly detection, where it finds things that are not allowed internally.
Rick Pennington says in an Awake Security Platform review
Senior Security Engineer at a pharma/biotech company with 1,001-5,000 employees
* I really enjoy the query language on it. It makes it very easy.
* The dashboards and displays are very intuitive.

The query language makes it easy to query the records on the network, to do searches for the various threat activities that we're looking for. The dashboard, the Security Knowledge Graph, displays information meaningfully and easily. I am able to find the information that I want to find pretty quickly. Also, the data science capabilities of the are great. We aren't currently using it, but the behavior-based machine-learning that they do incorporate is really impressive. It's the primary reason why we picked up the product. It gives us high-fidelity, anomaly-based detections.
Chiefopof576 says in a Darktrace review
Chief Operating Officer at Winstarbel Communications Limited
What I like about Darktrace is that you can quickly identify threats. I did a trial where I injected a small malware to see how long it takes for the program to identify it and to see that there is an anomaly. The response was good and it took the program less than a minute to detect it. The fast response time is definitely a plus.
OseremeOsobase says in a Darktrace review
Director at Baverianvine
The most valuable part of the product is the whole package. The features included in the Enterprise Immune System are complete and effective. Its detection engine is ridiculously good.
Amgad Yousry says in a Fidelis Elevate review
Senior Digital Forensics Engineer at Infort
ADR is the most valuable part of the solution.
Tom Gamali says in a Darktrace review
Group CISO/CTO at Gulf Based Private Conglomerate
The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise.
NetworkMed21 says in a Cisco Stealthwatch review
Network Manager at a healthcare company with 1,001-5,000 employees
The most valuable features are its abilities to analyze data streams and determine what is inside those data streams to troubleshoot a problem. It is also easy to use.
NetworkAe7fe says in a Cisco Stealthwatch review
Network Administrator at a retailer with 1,001-5,000 employees
There's a lot of stuff on the new version we haven't had the chance to work with yet.
Toufeik Choukri says in a Cisco Stealthwatch review
PIC for Cyber Security at a university with 51-200 employees
The Cisco IOS is very important because that is what we have to teach our students.
Finn Kristensen says in a Cisco Stealthwatch review
Architect at Atea A/S
The most valuable features provided by this solution are visibility and information. The solution's analytics and threat detection capabilities are good. Network visibility is also really good. The encrypted traffic analytics work well, I don't see any problem with it. The time to value is very good, and it is based on visibility. For example, one of our customers was locked by Ransomware and it cost them two million Danish Krones (approximately $300,000 USD). The shipper was not able to send anything until we got everything working. It has reduced the amount of time it takes to detect and remediate threats, although it is hard to tell by how much. If you’re under attack and you get visibility then you know it, and you can take precautions as fast as possible.
Technicab71a says in a Cisco Stealthwatch review
Technical Consultant at a tech services company with 501-1,000 employees
The most valuable features are encrypted threat analysis and the ability to run jobs on entire flows. The reporting feature is helpful for creating documentation because you can export relevant information and paste it into the back of the report. I’ve found that the solution's analytics and threat detection capabilities are very useful. I would like it to be able to better integrate with Firepower, but it meets the needs that it was promising from the beginning.
Director7b47 says in a Cisco Stealthwatch review
Director of Operations at a manufacturing company with 1,001-5,000 employees
The most valuable features of this solution are the logging, keeping threats under control, and keeping our data and environment secure.
Mark Green says in a Cisco Stealthwatch review
Network Operations Manager at a tech company with 10,001+ employees
The most valuable feature of this solution is the reporting, in terms of operational metrics and what I can show to the execs.
Director9b3e says in a Cisco Stealthwatch review
Director of Networking and Telecom at a healthcare company with 1,001-5,000 employees
Being able to look at the Layer 7 application and get information about intrusion attempts is the most valuable feature for us.
Douglas Bentley says in a Cisco Stealthwatch review
Assistant Director of IT at University of Rochester Medical Center
The most valuable feature is the graphical analytics that it provides for mobile data. The solution's analytics and threat detection capabilities are fantastic.
SrNetworab58 says in a Cisco Stealthwatch review
Sr. Network Engineer at a tech services company with 10,001+ employees
The most valuable feature of this solution is that it gives us insight into what's happening in our network.
Rafael-Garcia says in a Cisco Stealthwatch review
Infosec Manager at an energy/utilities company with 1,001-5,000 employees
Stability is the most valuable feature we have seen in this solution.
NetworkM6238 says in a Cisco Stealthwatch review
Network Manager at a financial services firm with 1,001-5,000 employees
The most valuable feature we got out of Stealthwatch is to be able to, while troubleshooting, go deep into one of our interfaces and verify what the bandwidth is and if there's any activity there that's causing problems. In terms of their analytics, we use the stats that we get from the tool itself to see that we're using a high utilization of the tool. As far as troubleshooting, it helps us to analyze some of the effects that our customers are seeing.
Rob Hartstone says in a Cisco Stealthwatch review
Network Operations Manager at Philips Electronics
The fact that it can identify down to an IP address of a system that is causing problems, or potentially causing problems, is very valuable. Its analytics and threat detection capabilities are also pretty good. Stealthwatch finds things that we don't normally see. There are false positives but it's pretty good at catching things that are doing bad things.
NetworkAcb23 says in a Cisco Stealthwatch review
Network Administrator at a mining and metals company with 1,001-5,000 employees
The most valuable feature of this solution is data hoarding because it catches threats on a frequent basis that we had no idea of. Like if certain hosts were talking to certain hosts. With this tool, we got that kind of information and it allows us to see when two hosts are talking when they shouldn't be talking at all.
LeadNetwd213 says in a Cisco Stealthwatch review
Lead Network Engineer at a retailer with 1,001-5,000 employees
The ability to send data flow from other places and have them all in one place is very valuable for us.