TEHTRIS NTA [EN]

TEHTRIS NTA

TEHTRIS NTA is a tactical solution for analyzing your network flows in real time, using flow capture, metadata (Netflow) and passive audit mechanisms.

Network Traffic Analysis

TEHTRIS NTA is a tactical solution for analyzing your network flows in real time, using flow capture, metadata and passive audit mechanisms. Depending on its position in your infrastructure, TEHTRIS NTA can monitor both north/south and east/west flows. Several modules are available in TEHTRIS NTA, including signature-based detection and behavioral-based techniques. TEHTRIS NTA continuously learns and examines all flows to perform advanced analysis and detect network anomalies

By recording metadata in Netflow mode, TEHTRIS NTA offers the ability to go back in time, finding out who spoke to whom, when and how. Unlike many solutions, TEHTRIS NTA does not require a SIEM to be useful, since the tool is directly integrated into the TEHTRIS XDR Platform. In addition, TEHTRIS NTA is not limited to signature or user behavior analysis to raise alerts.

Latest Updates

Added new dashboard features on alerts
Added Data Science features on alerts
Implementation of compatibility between TEHTRIS alerts and MITRE Att&ck rules
Integration of TEHTRIS NTA into the new TEHTRIS XDR Platform console
More than 50,000 security signatures by default for the OT and IT world

why tehtris NTA?

ALL INCLUSIVE

TEHTRIS NTA offers unique network flow monitoring functionalities with a signature-based NIDS component, a network forensic-type component (integrating a tactical behavioral engine), and passive auditing to reduce the area of exposure.

SIMPLICITY

TEHTRIS NTA incredibly simplifies the complexity of network monitoring projects, with TEHTRIS taking on the deployment and maintenance of operational conditions.

INCREASED POWER

TEHTRIS NTA can be your network monitoring probe, natively integrated to the TEHTRIS XDR Platform with tools for SOAR, CTI, hunting, compliance, incident management and so on.

FULL COVERAGE

TEHTRIS NTA easily works with IT or OT environments, because of its unique internal engines. For IT environments, we can regularly catch unwanted activities like backdoors and outbound C&C. Regarding OT, we offer a strong advantage with our passive audit feature, because we can detect legacy security issues hidden in complex plants.

RISK-FREE INTEGRATION

TEHTRIS NTA probes do not modify systems in production. They simply add passive collection points, so as not to disrupt the elements already in place.

SECURITY

TEHTRIS NTA runs on appliances using TEHTRIX distribution, which is fully disk encrypted, with advanced protection mechanisms such as RBAC in the kernel and 0-day protection.

some figures

1 detection

rules covering all ranges of attacks from industrial to corporate networks

≤ 99 hours

of permanent updates of detection rules without human intervention

999 day to deploy

a TEHTRIS NTA appliance with sniffers and configured alarms

COMPLIANCE WITH MITRE ATT&CK

MITRE ATT&CK is a knowledge base with a modeling of the behavior of a cyberattacker, illustrating all phases of a cyberattack’s life cycle in relation to targeted platforms: Windows, macOS, Linux, mobile devices and so on.

Find out how TEHTRIS is compliant with MITRE ATT&CK

FAQ

What functions does NTA offer?

TEHTRIS NTA offers several functionalities, with three main axes which are the network intrusion detection system (NIDS), the passive auditing system, and the network forensic system.

What network protocols are monitored?

We monitor all possible standard network flows, from Layer 3 to Layer 7.

Do you have functions for the analysis of encrypted flows?

We have the ability to detect the use of suspicious certificates used in particular by many backdoors that try to filter out in an encrypted manner.

Is the detection module signature based?

The NIDS part is based on signatures, while the network forensic part uses behavioral rules, for example to detect lateral movements and horizontal or vertical scans.

Does the appliance have a netflow collector?

TEHTRIS NTA builds its flow collection directly in the same spirit as Netflow, keeping the metadata related to the communications between the different devices.

Where should the NTA probe be positioned?

It is advisable to position analysis on strategic points, such as the entry/exit part of a sensitive network.

Does the NTA have a passive audit function?

TEHTRIS NTA includes its own passive audit engine to detect all vulnerable machines on your infrastructure.