VMware vDefend Network Traffic Analysis (NTA) focuses on behavioral anomalies and advanced evasive techniques rather than simple, noisy, signature-based events.
DNS Tunneling (Option A): This is a highly sophisticated detector. Attackers often encapsulate stolen data or Command & Control (C2) instructions inside standard DNS queries, because DNS is rarely blocked by firewalls. NTA uses Deep Packet Inspection (DPI) to detect this anomalous payload hidden in port 53 traffic.
Unusual Traffic Pattern (Option B): NTA uses machine learning to baseline normal East-West traffic in your data center. If a web server that normally only talks to a database server suddenly starts transferring gigabytes of data to an unknown internal workstation, this detector flags the anomaly.
(Note: Basic password brute force and simple vertical port scans are traditionally handled by the standard IDS/IPS signature engines, whereas NTA focuses on deeper, protocol-level anomalies and AI-driven deviations.)