Network Traffic Analysis

TEHTRIS NTA is a tactical solution to analyze your network flows in real time, using flow capture, metadata (NetFlow) and passive audit mechanisms.

A tactical network flow analysis solution

TEHTRIS NTA is a tactical solution for real-time network flow analysis, using metadata flow capture and passive auditing mechanisms. Depending on its position in your infrastructure, TEHTRIS NTA can monitor both north/south and east/west flows.

Eliminate network blind spots

Several modules are present in TEHTRIS NTA, with signature-based detection and behavioral-based techniques. All flows are continuously learned to perform advanced analysis and detect network anomalies. By recording metadata in NetFlow mode, TEHTRIS NTA offers the ability to go back in time, looking for who talked to whom, when and how.

Superior capabilities to traditional network probes

Unlike many products, TEHTRIS NTA does not require a SIEM to be useful, as the solution is directly integrated into the TEHTRIS XDR Platform to enrich this ecosystem. Moreover, TEHTRIS NTA does not rely only on signatures or user behavior analysis to raise alerts: some suspicious activity, such as lateral movements or slow stealth scans, can be detected in other ways.



TEHTRIS NTA offers unique network flow monitoring capabilities with a signature-based NIDS component, a Network Forensic component with a tactical behavioral engine, and passive auditing to reduce the exposure surface.


TEHTRIS NTA drastically simplifies the complexity of network monitoring projects in an operated mode, with TEHTRIS taking over the deployment and maintenance.



TEHTRIS NTA runs on appliances using the TEHTRIX distribution, whose entire disk is encrypted, with advanced protection mechanisms like RBAC in the kernel and anti-0-day protections.


Thanks to its internal engines, TEHTRIS NTA can easily work with IT (Internet/LAN) or OT (SCADA/ICS) environments or even with recent IoT environments.


TEHTRIS NTA probes do not modify systems in production. They simply add passive collection points, so as not to disrupt the elements already in place.



TEHTRIS NTA can be your network monitoring probe, natively integrated into the XDR Platform with SOAR, CTI, hunting, compliance and incident management tools.


Perfectly integrated inside the XDR Platform

When it comes to cybersecurity, orchestrating events and reacting to threats effectively and quickly is a fundamental challenge. One of the best ways to do this is with powerful automation and artificial intelligence. That’s what TEHTRIS offers with its SOAR integrated with the TEHTRIS XDR Platform.

Discover how we create hyper automation!


MITRE ATT&CK compliance

MITRE ATT&CK is a knowledge base with a model of the behavior of a cyber attacker, reflecting the different phases of the attack life cycle according to the targeted platforms: Windows, Mac, Linux, mobile, etc.

Discover the compatibility of TEHTRIS XDR with MITRE ATT&CK


day to deploy a TEHTRIS NTA appliance, with sniffers and alarms configured

24 h: permanent updating of detection rules without human intervention

+ 50 K: detection rules covering all ranges of attacks from industrial to corporate networks


Preserve the sovereignty and integrity of your data

Since 2010, TEHTRIS has been innovating and improving its cyber defense solution through the different modules of the TEHTRIS XDR Platform.

Choose the European leader in cyber security!


TEHTRIS NTA offers several functionalities, with three main axes: the network intrusion detection system (NIDS), the passive auditing system, and the Network Forensic system.

We monitor all possible standard network flows, from Layer 3 to Layer 7.

We can detect the use of suspicious certificates, used in particular by many backdoors that try to exfiltrate data over encrypted channels.

The NIDS part is based on signatures, while the Network Forensic part uses behavioral rules, for example to detect lateral movements and horizontal or vertical scans.

TEHTRIS NTA builds its flow collection directly in the same spirit as NetFlow, keeping the metadata related to the communications between the different devices.

It is advisable to position the analysis at strategic points, such as the entry/exit points of a sensitive network.

TEHTRIS NTA includes its own passive audit engine to detect all vulnerable machines on your infrastructure.


* © 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
