Published on August 18th, 2017 | by Tony Thompson
Gartner Highlights Threat-Facing Technologies
Gartner has recently published its “Hype Cycle for Threat-Facing Technologies, 2017” and SS8 has been recognized as a sample vendor in the emerging category of Network Traffic Analysis (NTA).
As I wrote about in a previous blog post, the category of NTA is certainly heating up. In fact, Gartner has designated Network Traffic Analysis with a ‘High’ Benefit Rating, citing it “…Improves the ability to spot attacks with a higher degree of certainty.”
In the report, Gartner analysts Jeremy D’Hoinne and Lawrence Orans emphasize, “Malware and other threats that have gone inside the network without being detected and have managed to infect the organization’s assets is a use case where enterprises experience long dwell times before noticing an intrusion and acting on it… Network traffic analysis improves the ability of security analysts to spot these attacks with a higher degree of certainty, facilitating a triage of events and prioritization of actions to be taken.”
We agree the benefit rating for NTA is high. Organizations are overwhelmed with complex user interfaces, security data and alerts, and the lack of resources makes it impossible to investigate every possible indicator of compromise.
The report adds, “NTA solutions, because they analyze internal traffic consisting of either lateral traffic (east-west), inbound/outbound traffic (north-south) or both, may be able to detect malware and other malicious activities as they spread through the network. However, the network traffic the attacker generates will be analyzed by NTA solutions, providing contextualized information to differentiate legitimate and abnormal activities. NTA vendors are heavily focused on workstation behavior analysis.”
The focus on workstations and devices is key, and we believe SS8 stands out in this category by providing simple-to-understand threat information that is device-centric, versus alert fatigue. SS8 BreachDetect uses a device-centric, recursive analytics model for network-based threat detection. This combined with a simplified threat board that points directly to devices-of-interest and offers visualizations of the cyber kill chain for each device.
Ask us more about why we lead in NTA by commenting here or emailing us at firstname.lastname@example.org.
Tony Thompson is VP and general manager of threat detection for SS8 networks.