NetTrust is a Preemptive Risk Breach Detection System (BDS) that simplifies finding evidence of at-risk and compromised systems inside your network perimeter.

NetTrust combines best-of-class breach detection with continuous security analytics to identify hidden post-infection, pre-breach network behaviors. The analytics engine analyzes behavioral profiles, threat patterns and contextual evidence to rank systems by their risk of breach, and integrates tightly with your enterprise security ecosystem.

Working inside perimeter defenses — where the greatest damage from breaches occur — the system provides your last line of defense against staging, reconnaissance, propagation, data acquisition, exfiltration, insider threats, and much more.

Security Automation

Respond in Minutes

NetTrust automates and accelerates SOC response by helping security analysts quickly identify, triage and contain compromised systems. Where analysts otherwise need to review tens of thousands of individual events in the wild to figure out what’s happening, NetTrust automatically profiles, correlates and analyzes risky behavior in real time to join the dots for you.

Evidence-Based Risk Index

NetTrust lets your team pivot on systems rather than discrete events, with a Risk Index and Forensic Confidence Score (FCS) showing at a glance which ones are at the greatest risk of breach. Pattern analysis reveals systems exhibiting a common “threat DNA,” classifies threat categories and focuses containment efforts based on evidence, not inference. Evidence drill-down from profile to packets provides the detail needed to expedite decision making, reduce dwell time, accelerate containment and reduce the risk of lost or stolen data.

Detect Hidden Behaviors

As malware executes inside your network, it conceals itself by hiding inside benign protocols. Traditional anomaly detection generally fails to identify such events, making it easy for hackers to hide in plain sight. Malicious actors can easily subvert your network by using ubiquitous protocols like DNS, NTP or Ping to download zero-day binaries, initiate command and control communications and ultimately exfiltrate data.

Find Obfuscated Callbacks & Data Exchange

NetTrust uses an open detection grammar to identify these otherwise hidden network behaviors at application runtime, allowing it to find malicious content without the use of signatures or sandboxes (for example binaries hiding inside documents or image files). The NetTrust detection engine provides unique Callback and Obfuscation Data Exchange (CODE) capabilities to assess signaling integrity and hidden data transfer between systems for command and control beacons (dial-homes), attack preparation and data exfiltration.

AWARE Analytics Platform

Underlying all TaaSera products is the patented AWARE analytics platform (Attack Warning and Response Engine).  AWARE automatically maps behavior events to discrete stages in the life cycle of advanced threats, and then generates Profiles containing multiple related events correlated during observation.  Analysts may drill down on Profiles to view and diagnose events relevant to each stage of an ongoing malware infection.

NetTrust Profiles amplify the signal and reduce noise so that analysts need review only the events relevant to an attack.  With an extremely low rate of false positives, NetTrust empowers security analysts to focus on what matters most as they investigate, triage and contain compromised systems at risk of data breach.

Threat DNA Pattern Analysis

NetTrust’s patented technology also delivers real-time pattern analysis to classify the sequence and timing of malware behaviors operating inside your environment.

Coordinated attacks follow a sequence of behaviors that is virtually impossible to track without extensive, after-the-fact forensic analysis. By classifying the pattern of events in real time, NetTrust maps the specific "threat DNA" of an ongoing breach attempt.

Read our Data Analytics White Paper

Shared Behavior Intelligence

One of the greatest challenges during the incident response process is the uncertainty of knowing whether you've contained the problem, or if other systems remain compromised but undetected.

The AWARE analytics platform instantly compares observed behavioral patterns found inside your environment with others shared anonymously across the global community of NetTrust users.  Best of all, when NetTrust identifies a system at risk of breach, pattern identification speeds containment and response by automatically finding any other systems showing the same pattern of attack behavior. NetTrust automatically correlates and analyzes these data in real time to join the dots for you.

Contextual Evidence

Risk Index and Forensic Confidence Score

Contextual evidence is key for investigation or incident response. But gathering it can be a time consuming, hit-or-miss process. NetTrust automates the analysis of contextual evidence by correlating hidden risky behaviors against a multitude of data sources, including external IP reputation, vulnerabilities, risky DNS behavior, threat patterns and other risk indicators. 

NetTrust automatically analyzes these data in real time to produce a Risk Index and Forensic Confidence Score (FCS) from the total accumulated evidence. The Risk Index makes it simple to triage systems that require immediate containment and response. From behavior profiles, you can drill down to examine network capture files in PCAP format related to the observed patterns of behavioral evidence.

With actionable, context-rich evidence at your fingertips, NetTrust gives you unprecedented visibility and the ammunition needed to stop post-infection, pre-breach behaviors inside your network perimeter.

Security Ecosystem

Evidence-Based Risk Attribution

NetTrust integrates seamlessly with your existing infrastructure, including SIEM, Splunk, Vulnerability Assessment tools and Active Directory.

When NetTrust finds exploit behaviors across the network, it correlates them against results from vulnerability scanning tools for additional risk attribution and contextual evidence. Prioritization of patch management becomes much more obvious when you discover vulnerabilities actively under exploit.

Turn Your SIEM into a Breach Detection Engine

Analytics and Profile data from NetTrust may be exported to any CEF-compatible log server for integration into your Security Information and Event Management (SIEM) or Splunk platforms, providing both a single pane of glass, and turning your big data log management into a Breach Detection Engine. 

Get the NetTrust App for Splunk


NetTrust ArchitectureNetTrust editions use one or more passive host sensors to analyze live network traffic fed via the SPAN port of a 1G or 10G network interface, on a layer 2/3 switch, firewall or virtual switch port mirror. Sensors are deployed inside the firewall and DMZ so they have visibility into traffic inside your network, and run as a virtual appliance on a dedicated server, or as an OVF that can be deployed on existing virtual infrastructure.

Sensors are managed from a Microsoft Windows GUI interface, or via Web-based Analytics Server, and connect with the cloud-based TaaSera Threat Center for daily threat intelligence, detection grammar and software updates.

NetTrust | Enterprise Edition

For Commercial Use

  • 1G, 3G or 10G 1U Security Appliance.
  • Optional ESXi Virtual Appliance.
  • Subscription for threat intelligence, rules and software updates 
  • Connectors for Security Information and Event Management (SIEM)
  • Connectors for Integrity Measurement & Verification (IMV) services (QualysGuard, Rapid7 & Tenable).
  • Integration with Active Directory for attribution and context.
  • Integrated Technical Support.

NetTrust Appliance

NetTrust Business Edition | Mid-Size Enterprises
  • 1G Small Form Factor Security Appliance.
  • Subscription for threat intelligence, rules and software updates.
  • Connectors for Security Information and Event Management (SIEM).
  • Connectors for Integrity Measurement & Verification (IMV) services (QualysGuard, Rapid7 & Tenable).
  • Integration with Active Directory for attribution and context.
  • Integrated Technical Support.

NetTrust Mini Appliance

NetTrust CSRP | Research Edition

Academic Cyber Security Research

  • 1G Security Appliance
  • Virtual Appliance
  • Subscription for threat intelligence, rules and software updates.
  • Subscription for AWARE Update Manager.
  • Subscription for AWARE Tools Research Suite.
  • Connectors for Active Directory, IMV and SIEM.
  • Integrated Technical Support

NetTrust Mini Appliance

NetTrust App for Splunk | Splunkbase

The NetTrust App for Splunk allows TaaSera customers to integrate their NetTrust results across multiple sensors into a custom Splunk dashboard. 

>Request Download

NetTrust App for Splunk


TaaSera Demo See how TaaSera finds hidden behaviors before the breach

TaaSera Live


Learn How Learn how to prevent a data breach using the NetTrust Preemptive BDS.

Learn How


Try NetTrust Evaluate NetTrust in your live environment.

Get Started