What Are Network Traffic Analysis Solutions & Are They Worth All The Hype?

    OTTAWA, ON, April 28, 2016 /24-7PressRelease/ -- Gartner's self-named "Hype Cycles" provide readers with a way to visualize how new technology will evolve over time. This visualization shows the adoption and maturity timeline of technologies and new innovations in the market.

There are many valuable insights to be found in Gartner's Hype Cycle for Infrastructure Protection 2015, written by Gartner Analyst Greg Young.1

Infrastructure Protection Hype Cycle

This particular Hype Cycle report discusses a variety of enterprise security technologies, their locations in the hype cycle, and their time to maturity. It also gives buyers useful guidance on whether or not to invest in particular types of technologies and trends.

The technologies mentioned in this report are those that have the potential for significant industry impact.

"In 2015, the threat level to enterprise IT continues to increase to very high levels, with daily accounts in the press of large breaches and attacks. No single safeguard will protect against all possible attacks, and enterprises are likely unable to deploy all the possible technology and service defenses presented on this Hype Cycle, so difficult choices must be made. This Hype Cycle can be a useful visual guide in assessing the security technology and security service choices that are available to protect enterprises' IT infrastructure."2

Network Traffic Analysis (NTA)

Network Traffic Analysis technology is located just at the Hype Cycle peak, and is classified by Gartner as an "emerging" technology to observe.

Gartner's Definition:

"Network traffic analysis (NTA) technologies use threat intelligence, statistical analysis, content inspection, machine learning or a combination of these techniques to detect suspicious activities on the enterprise network, typically postbreach events. NTA gathers data by listening to traffic and extracting interesting artifacts. NTA's scope can be limited to inbound and outbound traffic (north-south), but some vendors specialize in lateral (east-west) analysis in the internal network."3

This is the category of enterprise IT protection technology in rapidPHIRE is categorized, (with a few differences in definition), and for which Phirelight is listed as a sample vendor.

NTA solutions provide the ability to:
- Detect cyber threats better and faster, to dramatically shorten the large breach to detection gap;
- Prioritize alerts and signals, eliminating alert overload; and
- Triage cyber incidents much more rapidly.

In the past few years, the cyber threat landscape has become much more advanced. Sophisticated hacking groups, phishing strategies, exploit kits, and new business technologies have made the work of securing a business incredibly difficult, and the consequences of not having a secure posture, are costly and debilitating.

NTA technologies can drastically decrease the time between infection and detection, which currently averages at 98-197 days. Consequently, the cost of a data breach will be reduced (or usually eliminated completely), which has increased by 23% in the past two years (to $3.7 million).

NTA solutions fill a desperate need to protect against insider threats (which cause 80% of data breaches), remediate attacks before a full breach can occur, and give businesses the peace of mind they need. Any company, large or small, should consider using an NTA tool to mitigate these rising cyber security risks.

In Gartner's notes:

"Undetected malware infection and insider threats are two use cases where enterprises experience long dwell times before noticing an intrusion and being able to act on it. This gives time for attackers to exfiltrate data, including enterprise's intellectual property. Network traffic analysis improves the ability of security analysts to spot these attacks with a higher degree of certainty, facilitating a triage of events and prioritization of actions to be taken."4

rapidPHIRE

Phirelight's flagship product, rapidPHIRE, is a context-aware, cyber security NTA platform that provides situational awareness and remediation of cyber threats operating inside Enterprise as well as on SMB networks.

rapidPHIRE uses a combination of:
- Full contextual awareness that provides the full picture of what's really happening in your network;
- Intuitive visualization, analytics, and dashboards that are logical and easy to understand;
- Real-time detection with custom alerting and reporting;
- Multi-vector defense that automatically terminates threats and suspicious behavior;
- Scalable architecture with highly customizable deployment configurations.

Learn More

Phirelight Security Solutions Inc.

Phirelight was created in 2001 by a team of defense intelligence, cyber security, and military experts who recognized the need to help organizations manage and protect their critical assets.

Makers of rapidPHIRE, the new dimension in cyber intelligence, Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

Phirelight serves a client base of large enterprises, government, and SME organizations in Canada, the United States, and Europe. Along with the rapidPHIRE ecosystem of technology partners, Phirelight provides a full suite of solutions.

1 Gartner, Hype Cycle for Infrastructure Protection, 2015, August 11, 2015
2 Ibid
3 Ibid
4 Ibid

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

# # #