PT NAD

A comprehensive network traffic analysis system designed to detect attacks across all network layers and analyze anomalous activities using Machine Learning (ML), capable of serving as a sensor for any SOC.

PT Network Attack Detection (PT NAD) is a network traffic analysis (NTA) system designed to monitor malicious activities both at the network perimeter and internally. This advanced investigative tool can detect malicious activity even within encrypted traffic. PT NAD knows exactly what to look for in your corporate network.

Complete Network Visibility
PT NAD identifies over 100 protocols and 9 tunneling protocols and analyzes 35 common protocols up to Layer 7. By examining more than 1,200 protocol parameters, PT NAD builds models of network nodes, providing a clear picture of the infrastructure's state and helping identify security weaknesses that could be exploited in attacks.

PT NAD continuously monitors all network hosts, minimizes the use of uncontrolled infrastructure components, and reduces the risk of the organization being compromised through such elements.

The system automatically detects intrusion attempts and attacker presence within the infrastructure using various indicators, including tools employed and data transmitted to attacker servers.

Integration with SIEM Solutions
PT NAD is an essential resource for SIEM platforms. It stores metadata and raw traffic, enabling rapid identification and analysis of suspicious sessions, as well as export and import of traffic data. By providing full network visibility, PT NAD helps SOC teams establish whether an attack succeeded, trace attack chains, and collect forensic evidence more effectively.


Application scenarios

PT NAD – Security Policy Enforcement and Threat Detection

Security Policy Compliance Monitoring
PT NAD identifies configuration issues and violations of security policies that could provide attack vectors for intruders. Examples include credentials sent in plaintext, weak passwords, remote access tools, and software that conceals network activity.

External and Internal Attack Detection
Thanks to its deep internal analysis modules, threat-specific detection rules, indicators of compromise, and retrospective analytics, PT NAD can detect attacks both in their early stages and after intruders have penetrated the network.

Attack Investigation
Information security experts can locate an attack, trace the attack chain, identify infrastructure vulnerabilities, and implement countermeasures to prevent future incidents.

Threat Hunting
PT NAD supports organizations in conducting structured threat hunting operations, testing hypotheses such as hacker presence in the network, and uncovering hidden threats that standard cybersecurity tools cannot detect.

PT NAD Detects:

  • Threats in encrypted traffic

  • Use of hacker tools, including custom-developed tools

  • Lateral movement of attackers within the network

  • Network anomalies caused by intruders, both in early stages and post-intrusion

  • Compromised hosts in the network

  • Attacks targeting domain controllers

  • Indicators of previously undetected attacks

  • Exploitation of existing vulnerabilities in the network

  • Signs of malicious activity hidden from traditional security tools

How PT NAD Works

PT NAD – Deep Packet Inspection and Network Traffic Analysis

PT NAD inspects network traffic in both external and internal infrastructure environments using built-in Deep Packet Inspection (DPI) technology. Traffic sources can include network TAPs, network packet brokers, and mirrored traffic from active network equipment. By analyzing mirrored network traffic with statistical and behavioral modules, PT NAD detects hacker activities both in the early stages of network intrusion and when attackers attempt to establish persistence and continue their attacks.

PT NAD stores a copy of the raw traffic and uses it to generate metadata for retrospective analysis. After updating threat detection rules and indicators of compromise (IoCs) from the PT Expert Security Center, PT NAD automatically re-examines the collected traffic data and alerts SOC analysts to the presence of hidden attackers within the network.
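As an added illustration of the retrospective review described above (example code, not PT NAD's own), the following Python re-scans stored session metadata against a newly loaded indicator set; every session record, indicator value and field name is constructed for this example.

```python
"""Retrospective IoC matching over stored session metadata (illustrative
example, not PT NAD's own code). All records and indicators below are
constructed sample data."""
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Session:
    start: datetime
    src_ip: str
    dst_ip: str
    dst_port: int
    server_name: str  # TLS SNI or HTTP Host; "" if not observed
    ja3: str          # TLS client fingerprint; "" if not TLS

# Which session field each indicator type is compared against.
IOC_FIELDS = {"ip": "dst_ip", "domain": "server_name", "ja3": "ja3"}

def retro_scan(sessions, iocs):
    """Re-scan already-recorded sessions against a new IoC set.
    `iocs` maps type -> {value: tag}; returns (session, type, value, tag)
    for every match, so alerts carry the original session time."""
    alerts = []
    for s in sessions:
        for ioc_type, values in iocs.items():
            field = IOC_FIELDS.get(ioc_type)
            if field is None:  # unknown indicator type: nothing to compare
                continue
            observed = getattr(s, field).lower()
            if observed and observed in values:
                alerts.append((s, ioc_type, observed, values[observed]))
    return alerts

# Constructed history: sessions recorded before the indicators were known.
SESSIONS = [
    Session(datetime(2024, 3, 1, 9, 14), "10.0.0.5", "203.0.113.7", 443, "cdn.example.net", "ja3-constructed-a"),
    Session(datetime(2024, 3, 2, 22, 3), "10.0.0.8", "198.51.100.23", 443, "update.example.org", "ja3-constructed-b"),
    Session(datetime(2024, 3, 3, 1, 47), "10.0.0.8", "192.0.2.44", 8443, "", "ja3-constructed-b"),
]

# Constructed IoC update that arrives after those sessions were stored.
NEW_IOCS = {
    "domain": {"update.example.org": "constructed-c2-domain"},
    "ip": {"192.0.2.44": "constructed-c2-ip"},
    "ja3": {"ja3-constructed-b": "constructed-tool-fingerprint"},
}

if __name__ == "__main__":
    for s, kind, value, tag in retro_scan(SESSIONS, NEW_IOCS):
        print(f"{s.start:%Y-%m-%d %H:%M} {s.src_ip} -> {s.dst_ip}:{s.dst_port} matched {kind}={value} ({tag})")
```

Running it reports four historical matches, all from host 10.0.0.8, even though none of the indicators existed when those sessions were recorded.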

By combining multiple mechanisms for detecting complex threats, PT NAD provides comprehensive network visibility, identifies suspicious connections and anomalies, and helps ensure compliance with information security requirements.