Network traffic analysis (NTA) offers several advantages:
Improved visibility of the devices connecting to the organization's network;
Compliance with regulatory requirements;
Troubleshooting network operation and security;
Rapid detection of threats in traffic based on indicators of compromise;
Significant expansion of threat hunting and retrospective analysis capabilities based on indicators of compromise.
Why is network traffic analysis important?
Even the most reliable firewall leaves gaps through which unwanted traffic can pass, especially since ordinary users can get around firewall rules with tunneling, anonymizers for external links and VPNs. Monitoring the network perimeter is always good practice, but according to reported attack statistics an attacker crosses the perimeter within one to two days, and some companies can be penetrated in 30 minutes. It is therefore important to also control internal (east-west) traffic, where the attacker moves from device to device.
In addition, the growth in ransomware attacks makes monitoring network traffic even more important. An NTA system should be able to recognize abnormal activity by the organization's own hosts and accounts that indicates they have been compromised and that a network worm has begun to spread. Ransomware often first propagates through the network like a worm and only then detonates everywhere at the same time.
The Remote Desktop Protocol (RDP) also deserves attention, since it is a frequent target of attackers. Its security can likewise be improved with the help of NTA, which shows which hosts open RDP sessions to which others.
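The worm-like spread described above shows up in flow records as one internal host opening connections to many internal peers on SMB/RDP-style ports within a short window. The following detector is an added example, not code from the original page or from any particular NTA product; the flow records, the port list, the 60-second window and the threshold of 10 peers are all constructed assumptions to tune for a real network.

```python
"""Worm-style lateral-movement detection over flow records.

Added example, not code from the original page or from any NTA product. It
flags an internal host that fans out to many distinct internal peers on
SMB/RDP/WinRM-style ports inside a short window, which is what a
self-propagating payload looks like on the wire before it detonates. Flow
records are constructed sample data; ports, window and threshold are
assumptions to tune for a real network.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
LATERAL_PORTS = {445, 3389, 135, 5985, 22}   # SMB, RDP, RPC, WinRM, SSH (assumed list)
FANOUT_THRESHOLD = 10                        # distinct peers in one window (assumed)
WINDOW_SECONDS = 60                          # sliding window length (assumed)


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_fanout(flows, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """flows: iterable of (timestamp_seconds, src_ip, dst_ip, dst_port).

    Returns one alert per offending source: (src, window_start_ts, peer_count, ports).
    Only internal-to-internal flows on lateral-movement ports are considered, so
    normal browsing and DNS never count toward the threshold.
    """
    by_src = defaultdict(list)
    for ts, src, dst, dport in sorted(flows):
        if dport in LATERAL_PORTS and is_internal(src) and is_internal(dst):
            by_src[src].append((ts, dst, dport))

    alerts = []
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            # slide the window start forward until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            peers = {dst for _, dst, _ in in_window}
            if len(peers) >= threshold:
                ports = sorted({p for _, _, p in in_window})
                alerts.append((src, events[start][0], len(peers), ports))
                break  # one alert per source is enough for triage
    return alerts


def sample_flows():
    """Constructed records: one benign workstation and one host sweeping its /24."""
    flows = []
    for i in range(12):  # benign: two file servers, revisited every five minutes
        flows.append((i * 300, "10.0.1.5", "10.0.0.10", 445))
        flows.append((i * 300 + 7, "10.0.1.5", "10.0.0.11", 445))
    for i in range(1, 31):  # infected: 30 peers on SMB and RDP within 30 seconds
        flows.append((1000 + i, "10.0.2.77", f"10.0.2.{i}", 445 if i % 2 else 3389))
    flows.append((1010, "10.0.2.77", "8.8.8.8", 53))          # DNS: not a lateral port
    flows.append((1011, "10.0.1.5", "93.184.216.34", 443))    # web: external, ignored
    return flows


if __name__ == "__main__":
    for src, ts, count, ports in detect_fanout(sample_flows()):
        print(f"ALERT {src}: {count} internal peers on ports {ports} from t={ts}s")
```

The benign workstation touches only two file servers all hour and never trips the threshold, while the infected host reaches ten distinct peers within its first ten seconds of sweeping. On real flow data the same logic runs over NetFlow/IPFIX or Zeek conn records; the threshold needs a per-role baseline, since vulnerability scanners and backup servers legitimately fan out.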
Monitoring traffic inside the network also helps to verify that the firewall rules behave as intended, to find usernames and passwords transmitted in plain text, and to detect the use of hidden tunnels. The last two require deep analysis of packet payloads, not just connection metadata.
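Both payload-level checks mentioned above, credentials in clear text and a hidden tunnel over DNS, are shown in the following added example. It is not code from the original page or from any NTA product: the packets, hostnames (intranet, example.com, exfil-tunnel.net), IP addresses, regexes, entropy and length thresholds, and the "registered domain = last two labels" shortcut are all constructed assumptions.

```python
"""Payload-level checks that a firewall rule list cannot express: credentials
sent in clear text, and DNS queries that carry encoded data (a hidden tunnel).

Added example, not code from the original page or from any NTA product. The
packets and DNS names are constructed samples; regexes, thresholds and the
"registered domain = last two labels" shortcut are assumptions to tune.
"""
import base64
import math
import re
from collections import Counter, defaultdict


def find_cleartext_credentials(packets):
    """packets: iterable of (src, dst, dst_port, payload_bytes).
    Returns (src, dst, kind, username) per hit; the secret itself is deliberately
    never copied into the alert."""
    findings = []
    for src, dst, dport, payload in packets:
        m = re.search(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", payload, re.I)
        if m:
            try:
                user = base64.b64decode(m.group(1), validate=True).split(b":", 1)[0]
                findings.append((src, dst, "http-basic", user.decode("utf-8", "replace")))
            except ValueError:
                pass  # not valid base64, nothing to report
        if dport == 21:  # FTP sends USER/PASS as plain command lines
            user = re.search(rb"^USER\s+(\S+)", payload, re.M)
            if user and re.search(rb"^PASS\s+\S+", payload, re.M):
                findings.append((src, dst, "ftp", user.group(1).decode("utf-8", "replace")))
        user = re.search(rb"(?:^|&)(?:username|user|login|email)=([^&\s]+)", payload, re.M)
        if user and re.search(rb"(?:^|&)(?:password|passwd|pwd)=[^&\s]+", payload, re.M):
            findings.append((src, dst, "http-form", user.group(1).decode("utf-8", "replace")))
    return findings


def shannon_entropy(text: str) -> float:
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def split_name(name: str):
    """Naive split into (registered domain, subdomain labels); a real sensor
    would consult the public suffix list instead of taking the last two labels."""
    labels = name.lower().strip(".").split(".")
    return ".".join(labels[-2:]), labels[:-2]


def detect_dns_tunnel(queries, min_sub_len=30, min_entropy=3.5, max_unique=8):
    """Two signals: a query whose subdomain is long and high-entropy (encoded
    data), and a domain receiving many unique subdomains (a tunnel must vary
    the name to defeat resolver caching)."""
    flagged, subs_by_domain = [], defaultdict(set)
    for name in queries:
        domain, labels = split_name(name)
        sub = "".join(labels)
        subs_by_domain[domain].add(sub)
        if len(sub) >= min_sub_len and shannon_entropy(sub) >= min_entropy:
            flagged.append(name)
    noisy = sorted(d for d, subs in subs_by_domain.items() if len(subs) >= max_unique)
    return {"names": flagged, "domains": noisy}


def sample_packets():
    """Constructed (src, dst, port, payload) tuples as a sensor would hand over."""
    basic = base64.b64encode(b"alice:Summer2024!")
    return [
        ("10.0.1.5", "10.0.0.20", 80,
         b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic " + basic + b"\r\n\r\n"),
        ("10.0.1.6", "10.0.0.21", 21, b"USER bob\r\nPASS hunter2\r\n"),
        ("10.0.1.7", "10.0.0.22", 80,
         b"POST /login HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
         b"username=carol&password=Pa55word"),
        ("10.0.1.8", "10.0.0.23", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),  # TLS: opaque
    ]


def sample_dns_queries():
    """Constructed names: ordinary lookups plus a base32 exfiltration tunnel."""
    names = ["www.example.com", "mail.example.com", "cdn.example.com", "www.example.com"]
    for i in range(10):  # base32 keeps labels DNS-safe; one unique name per data chunk
        chunk = base64.b32encode(f"chunk {i} of the stolen file".encode()).decode().rstrip("=")
        names.append(f"{chunk.lower()}.c{i}.exfil-tunnel.net")
    return names


if __name__ == "__main__":
    for src, dst, kind, user in find_cleartext_credentials(sample_packets()):
        print(f"cleartext {kind} credential for '{user}' from {src} to {dst}")
    print(detect_dns_tunnel(sample_dns_queries()))
```

The TLS packet yields nothing because its payload is opaque, which is exactly why encrypted traffic needs different indicators (JA3-style fingerprints, certificate details, flow shape) than the pattern matching used here. The DNS check combines two signals on purpose: a single long hostname can be legitimate, but a domain that receives many unique high-entropy subdomains within a short period is rarely anything but a tunnel.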