Product overview

PT Network Attack Discovery is a deep network detection and response (NDR/NTA) system for detecting attacks on the perimeter and inside your network. The system makes hidden threats visible, detects suspicious activity even in encrypted traffic, and helps investigate incidents.


With the new version of PT NAD, you can detect attacks using new analytics modules, collect up-to-date information about network hosts, and centrally learn about detected threats in a single feed.


Detects malicious activities in east/west traffic

PT NAD analyzes both north/south and east/west traffic and detects lateral movement, attempts to exploit vulnerabilities, and attacks against end users on the domain and internal services.


The results of PT NAD pilot projects in 41 large companies have shown that, regardless of the sector, there are violations of infosec regulations in 100% of corporate networks, suspicious traffic in 90%, and malware activity in 68% of them. What's wrong with the networks of large companies?


Detects even modified malware

PT NAD alerts about all dangerous threats and detects even modified versions of malware. To describe the full range of cyberthreats, our experts constantly explore the latest malware samples and hacker tools, techniques, and procedures. Each rule they create covers an entire malware family.

How it works

PT NAD captures and analyzes traffic on the perimeter and inside the infrastructure. This makes it possible to detect hacker activity at the earliest stages of network penetration, as well as during attempts to gain a foothold on the network and develop the attack.


Keeps attacks private

PT NAD is an on-premises solution. All data is stored on client infrastructure, never leaving the corporate perimeter. Information on attacks and damage is not transmitted to the outside, minimizing reputational risks.

Use cases

Security policy compliance

PT NAD detects IT configuration flaws and cases of non-compliance with security policies, which otherwise can offer attackers a way in. Filters help to quickly identify credentials stored in cleartext, weak passwords, remote access utilities, and tools that hide network activity. Pin filters of interest in a separate widget for quick reference. Here is a widget displaying all non-encrypted passwords:

[Screenshot: Security policy compliance]

Detection of attacks on the perimeter and inside the network

Thanks to embedded machine learning technologies, advanced analytics, unique threat detection rules, indicators of compromise, and retrospective analysis, PT NAD detects attacks both at the earliest stages and after attackers have already burrowed into infrastructure.

The PT Expert Security Center updates rules and indicators of compromise twice a week. Updating the database does not require a constant connection to the Positive Technologies cloud.

Advanced analytics modules enable identification of complex threats and network anomalies. They take into account many parameters of the attacker's behavior and are not tied to the analysis of individual sessions, unlike the rules for attack detection.


Investigation of attacks

Because PT NAD saves copies of raw traffic and session data, forensic investigators can:

  • Localize attacks.
  • Reconstruct kill chains.
  • Detect vulnerabilities in infrastructure.
  • Take measures to prevent similar attacks.
  • Gather evidence of malicious activity.

Threat hunting

PT NAD is ideal for threat hunting and detecting hidden threats that standard cybersecurity tools miss. A security analyst with the necessary skills and infrastructure-specific knowledge can empirically test hypotheses. PT NAD makes it possible to determine whether a hacker group, insider threat, or data breach is truly present and, if the hypothesis is confirmed, to take proactive measures accordingly.


We are a Microsoft Active Protections Program member

We receive information about zero-day vulnerabilities in Microsoft’s products. That’s why PT NAD’s customers get protection faster.

Key features

Integrates with SIEM and sandbox solutions

By taking advantage of powerful integration support, users can manage incidents and detect malicious content in file traffic.
