Bitdefender Rolls Out Network Monitoring Tool To Find Attacker Activity

Bitdefender has introduced a network monitoring and traffic analytics offering that hunts for attacker network activity and uses automated alert triage to improve incident response.

The Bucharest, Romania-based cybersecurity vendor said Network Traffic Security Analytics (NTSA) IntelliTriage uses machine learning and behavioral analytics to automatically detect threats for managed and unmanaged entities as well as encrypted and unencrypted network traffic.

The offering integrates Bitdefender's IP and threat intelligence from more than 500 million active threat points with the ability of RedSocks to see and analyze network traffic, according to Joe Sykora, vice president of global sales and channels. Bitdefender purchased The Hague, Netherlands-based RedSocks Security in October 2018 to better wrap its arms around network behavior and traffic analytics.

The new product makes Bitdefender one of the most advanced network traffic analytics players in the market today, said Sykora, who considers the threat intelligence component to be the company's "secret sauce."

"No one else is going to be able to replicate what we see across those half-a-billion nodes," Sykora said.

NTSA IntelliTriage is simpler, easier to use and less expensive than competing network traffic analytics offerings, according to Sykora. The Bitdefender product is typically sold for a six-figure sum or higher, although Sykora said he's seen some NTSA IntelliTriage deals for as little as $40,000 or $50,000. NTSA IntelliTriage is being sold as a license with a minimum one-year commitment, according to Sykora.

The product is more for the mid-enterprise or enterprise space, Sykora said, with pricing based on the number of users on the network or in the distributed enterprise. Bitdefender considers companies with at least 1,000 users to be mid-enterprise, according to Sykora.

Businesses looking to get the most out of the product need to have someone dedicated to security looking at the alerts being generated by NTSA IntelliTriage in real time on a 24/7 basis, Sykora said. Mid-enterprise and enterprises typically have internal staff dedicated to security, Sykora said, while most small businesses would need to partner with an MSP or MSSP for this.

"The product is only as good as what you're going to do with it," Sykora said.

NTSA IntelliTriage has gotten the most traction in highly regulated industries such as financial services and health care, Sykora said. Bitdefender has also experienced success in government entities around the globe trying to do threat intelligence, according to Sykora.

The product presents a "great opportunity" for Bitdefender's traditional endpoint security partners as well as network security solution providers that don't work with the company today, Sykora said.

Going forward, Sykora said the company plans to pursue more and deeper integration of the RedSocks technology into Bitdefender's suite of products. Specifically, Sykora said Bitdefender is interested in automating the steps following the detection of a breach.