The traffic analysis system from Positive Technologies has increased its ability to handle peak loads without requiring additional hardware
Positive Technologies has released a new version of its network traffic behavioral analysis system, PT Network Attack Discovery (PT NAD). The key features of release 12.1 include support for the latest version of the Elasticsearch data storage (8.13) and improvements for PT NAD operators and administrators. Additionally, version 12.1 introduces a dark theme in response to user requests. PT NAD can be deployed and configured for basic use in under 30 minutes.
The updated PT NAD supports Elasticsearch 8.13, which provides greater resilience to peak loads, lower hardware requirements, and faster query processing for traffic metadata. Internal testing by Positive Technologies has shown that Elasticsearch 8.13 reduces CPU usage by 50% and metadata storage requirements by 50%. The move to the new Elasticsearch also raises the maximum indexing speed by 3 times.
The new version of PT NAD is well suited to large enterprises that handle significant volumes of traffic. Reduced hardware requirements will lower equipment costs, allowing a single installation to process more traffic without increasing deployment expenses.
Dmitry Efanov, PT NAD Product Owner, Positive Technologies, comments: "Deep traffic analysis, storing vast amounts of data, creating hierarchically distributed installations, and adding new analytical modules and other features to simplify the work of specialists — all this requires support from hardware resources: processor, memory, disks. In each release, we pay great attention to performance optimization, and this allows us to expand the capabilities of PT NAD without increasing hardware requirements."
The product's interface has undergone significant changes. Several administrative configurations have been moved from the console to the web interface. Specifically, the interface now allows management of SSL certificates, including adding trusted root certificates and modifying the web server certificate.
A number of interface changes have been made specifically for PT NAD operators, the people responsible for attack detection and investigation. The session card has been significantly redesigned to give a comprehensive overview of all recorded indicators of compromise, so operators can respond quickly to incidents without spending time searching for additional information: all relevant details are shown in the event card. In addition, activity feed performance has been optimized; exception handling for attacks detected by expert modules has been improved; created widgets are now available to all users; and the number of rows displayed in widgets can now be customized. The new version also includes a visual representation of the relationships between the nodes involved in NTLM relay attacks; the team plans to do the same for other complex attacks in the future.
PT NAD 12.1 is now available. You can request a trial by clicking the link.