
What Is NTA?

Network Traffic Analysis (NTA) makes it easier to monitor and analyze networks. Using machine learning, advanced analysis, and rule-based detection, NTA monitors and comprehensively analyzes all types of network communications on enterprise networks, and determines the baseline of normal behaviors. When it detects abnormal traffic or insecure network behaviors, NTA marks the abnormal values as potential threats and raises corresponding alerts.
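The baseline-then-flag idea described above can be sketched as follows. This is an added example, not Huawei code or the algorithm of any product named on this page: it assumes flow records reduced to (interval, host, bytes), uses a median/MAD baseline with a modified z-score, and the threshold, the 5% spread floor, and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

THRESHOLD = 3.5  # cut-off on the modified z-score (assumed value)

# Constructed flow records: (interval, source host, bytes). Not real traffic.
TRAINING = [(0, "10.0.0.5", 600), (0, "10.0.0.5", 400), (1, "10.0.0.5", 1200),
            (2, "10.0.0.5", 900), (3, "10.0.0.5", 1100), (4, "10.0.0.5", 1050),
            (5, "10.0.0.5", 950)] + [(i, "10.0.0.9", 500) for i in range(6)]
LIVE = [(6, "10.0.0.5", 1100), (7, "10.0.0.5", 90000),
        (7, "10.0.0.9", 500), (7, "10.0.0.77", 300)]

def per_interval_bytes(flows):
    """Aggregate flows into {host: {interval: total bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for interval, host, nbytes in flows:
        totals[host][interval] += nbytes
    return totals

def build_baseline(flows):
    """Learn {host: (median, spread)} from a training window of normal traffic."""
    baseline = {}
    for host, by_interval in per_interval_bytes(flows).items():
        values = list(by_interval.values())
        med = median(values)
        mad = median(abs(v - med) for v in values)
        # Perfectly steady hosts have MAD 0; floor the spread at 5% of the
        # median so one extra byte does not raise an alert (assumed policy).
        baseline[host] = (med, max(mad, 0.05 * med, 1.0))
    return baseline

def detect(baseline, flows):
    """Return alerts (interval, host, bytes, score); score is None for unseen hosts."""
    alerts = []
    for host, by_interval in per_interval_bytes(flows).items():
        for interval, total in by_interval.items():
            if host not in baseline:
                alerts.append((interval, host, total, None))  # no baseline yet
                continue
            med, spread = baseline[host]
            score = 0.6745 * (total - med) / spread
            if abs(score) > THRESHOLD:
                alerts.append((interval, host, total, round(score, 1)))
    return sorted(alerts, key=lambda a: (a[0], a[1]))

if __name__ == "__main__":
    for alert in detect(build_baseline(TRAINING), LIVE):
        print(alert)
```

A host with no baseline is reported separately from a volume outlier, because the two call for different triage: the first is an asset-inventory question, the second a behavior question.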

Importance of NTA

As science and technology develop, enterprises increasingly rely on networks to transmit data. This makes network management and network security particularly important. NTA automatically detects network exceptions, improves network availability and performance, and ensures maximum network observability and visibility.

  • Helping users quickly locate network exceptions: NTA can monitor network-wide traffic in real time, quickly detect exceptions, display detection results, and generate alarms. In this way, network applications are made visible and controllable, thereby helping users quickly locate network exceptions and improving network O&M efficiency.
  • Improving the efficiency of network bandwidth planning: NTA can display network traffic status from multiple dimensions, providing data support for network bandwidth planning. NTA provides multi-dimensional traffic analysis reports, offering scientific data basis for capacity planning and improving network availability.
  • Enhancing security situation awareness: NTA quickly detects attackers' access to network resources by identifying unstable asset environments in real time. NTA effectively detects potential threats on the network and implements network-wide security situation awareness. This helps enterprises resolve threats with appropriate solutions and prevent potential risks.
  • Reducing personnel maintenance costs: NTA improves the efficiency of security operations by minimizing the need for personnel to monitor and analyze network traffic 24/7 for security purposes. It does this by automating threat detection, thereby reducing the number of people required for threat detection and analysis.

Application of NTA

To provide comprehensive insight into the distribution and trends of network traffic and to visualize that traffic, NTA can enable statistics collection on network access devices as required, gathering network-wide traffic statistics for analysis. The analysis results can be used in the following scenarios:

  • Visualized and controllable link traffic: By monitoring WAN links, NTA provides detailed traffic reports, as well as traffic distribution and directions of various services. This helps users learn about the distribution of traffic of various services in a timely and comprehensive manner, and identify junk and useless traffic, ultimately ensuring sufficient bandwidth for important traffic and fully utilizing WAN bandwidth resources.
  • Network bandwidth planning: Users can check long-term traffic data in reports, the traffic distribution of each service on key links in each month, and whether the bandwidth is properly allocated to key services. They can also check whether non-key services occupy a large amount of bandwidth, and reallocate the bandwidth to each service based on the traffic distribution of each application.
  • Analysis of application server access failures: By checking the detailed traffic distribution of each application server, users can detect network risks in advance, locate faulty servers, and identify fault causes to ensure the service system runs stably.

Differences Between NTA and SIEM

NTA and Security Information and Event Management (SIEM) differ in the scope of data they collect and analyze:

  • SIEM monitors and analyzes security events, such as logs and alarms generated by software, systems, and applications on the network, in real time. It learns the normal pattern and generates alarms when exceptions or events occur.
  • NTA analyzes all traffic and traffic records on the entire network, not just event records. It implements comprehensive security analysis on operations and relationships of all elements on the network, including users, devices, and applications, helping users identify potential threats and suspicious activities in time.

How Does Huawei Protect Your Network?

To deal with the increasingly complex network environment and growing threats, Huawei provides various security products for traffic monitoring and analysis, helping you detect security risks in time and reduce the impact of security threats.

  • The HiSecEngine Probe1000 series network traffic threat detection probes use Huawei-developed dedicated security chips and ASE engines to provide powerful intrusion prevention system (IPS), antivirus, and malicious file detection capabilities. The probes parse traffic of protocols such as HTTP, DNS, ICMP, and TLS, send metadata to HiSec Insight for analysis and detection, restore mainstream files, and obtain PCAP packets to acquire event processing and forensic information.
  • The HiSec Insight security situation awareness system can effectively collect huge volumes of basic network data, including traffic on the network, and network and security logs of various devices. It performs real-time and offline analysis of this big data. Combined with machine learning technologies, expert reputation, and intelligence-driven technologies, HiSec Insight can effectively detect potential and advanced threats on the network to implement network-wide security situation awareness. In addition, the system can work with the Huawei HiSec solution to efficiently resolve threats and prevent potential risks.
About This Topic
  • Author: Fang Min
  • Updated on: 2023-08-11