What are the most important criteria to keep in mind when choosing an NTA tool?
1. Visibility, ability to provide deep insight into all of the network traffic.
2. Analytic engines, the ability to use multiple detection engines like ML-based, Zeek, Suricata, etc.
3. Scale, ability to address policy requirements for N/S and E/W deployments on-prem or in the cloud along with scalable retention (weeks/months) for PCAP or network metadata.
4. Any and all NTA solutions need to be able to ingest threat intel and be able to integrate easily into SOAR and SIEM solutions.
5. It needs to fit with budget!
Thanks @Nicholas Arraje, this is really useful.