cancel
Showing results for 
Search instead for 
Did you mean: 
hrattink
Level 7

NTBA, who (isn't) using it?

Jump to solution

The NTBA seems to be a interesting and complimentary component of the IPS suite and if I'm not mistaken, for free (supporting up to 2 NS-IPS devices). Having "free" and "complimentary" in one sentence, I wonder who is using it and of the people who aren't, if they have been offered the NTBA for free Also, from your experience, how you see it next to an NS-IPS with GTI (Artemis) service: complimentary or perhaps having more or less added value?

0 Kudos
1 Solution

Accepted Solutions
jvdavis456
Level 10

Re: NTBA, who (isn't) using it?

Jump to solution

The "free" version is a VM. The model is actually T-VM. There are other VM models that require additional purchase. There is support it for because it is a feature included with license purchased with the NSP. The level of support depends on the support package purchased. The main advantage for some adopters is that it allows them to run the GAM against files on sensors that are not currently able to run GAM themselves (such as M-2950). Although it can only collect from two sensors most organizations have a spot on their network where they can still collect the NetFlow needed.

0 Kudos
7 Replies
exbrit
Level 21

Re: NTBA, who (isn't) using it?

Jump to solution

Moved to Network Security Platform for better response.

---

Peter

Volunteer Moderator

petermason
Level 13

Re: NTBA, who (isn't) using it?

Jump to solution

Hi hrattink,

I was not aware that it was free, where did you get that information?

Regards

Peter

0 Kudos
hrattink
Level 7

Re: NTBA, who (isn't) using it?

Jump to solution

I heard this from a McAfee SA. The free version can handle up to 2 IPS sources, if I'm not mistaken

0 Kudos
petermason
Level 13

Re: NTBA, who (isn't) using it?

Jump to solution

Hi hrattink,

Is the free version the virtual NTBA software?

Did they say there was free support for it too, or do you need to add it to your support contract?

Regards

Peter

0 Kudos
jvdavis456
Level 10

Re: NTBA, who (isn't) using it?

Jump to solution

The "free" version is a VM. The model is actually T-VM. There are other VM models that require additional purchase. There is support it for because it is a feature included with license purchased with the NSP. The level of support depends on the support package purchased. The main advantage for some adopters is that it allows them to run the GAM against files on sensors that are not currently able to run GAM themselves (such as M-2950). Although it can only collect from two sensors most organizations have a spot on their network where they can still collect the NetFlow needed.

0 Kudos
hrattink
Level 7

Re: NTBA, who (isn't) using it?

Jump to solution

Do you know if the NTBA is doing the sandboxing itselves or perhaps is using a cloudservice for analysing files that have unmatched hashes?

0 Kudos
Highlighted
jvdavis456
Level 10

Re: NTBA, who (isn't) using it?

Jump to solution

NTBA does not do sandbox analysis of suspect files. You'll need ATD for that. NTBA's main purpose is network traffic anomaly detection using NetFlow. Since not every sensor model can run GAM I think they made a smart move incorporating it in NTBA.

0 Kudos