The escalating sophistication of threats requires organizations to use multiple sources of data for threat detection and response. Network-based technologies enable technical professionals to obtain quick threat visibility across an entire environment without using agents.
- How Are Networking Tools Used for Detection and Response?
- Why Should You Use Network Data for Threat Detection and Response?
- Improve Threat Detection
- Improve Incident Response
- Support Threat Hunting
- How Do Network-Centric Approaches Compare With Other Threat Detection and Response Approaches?
- What Tools Can Be Used for Network-Centric Threat Detection and Response?
- Network Traffic Analysis Tools
- Intrusion Detection and Prevention Systems
- SIEM and UEBA
- Network Forensic Tools
- Network Performance Monitoring and Diagnostics Tools
- Select Tools According to Use Cases
- Deploy the Tools
- Decide on Your Initial Deployment
- Work With the Network Team
- Decide on the Scale Needed
- Test and Select a Network Analysis Solution
- Tool Selection Process Summary
- Operate NTA and NFT Tools
- Adapt Triage Processes to Anomaly-Based Alerts
- Retain Data for Investigations
- Metadata and Full Packet Capture Extraction
- Overview of Analytics in NTA Tools
- Gartner Recommended Reading