UDV NTA Network Traffic Monitoring and Analysis System

Main article: Security Information and Event Management (SIEM)

2026: DS Optic-TAP and DS Integrity EVO Compatibility

UDV Group and Digital Solutions have completed compatibility tests for their products designed to provide network visibility in corporate and industrial infrastructures. UDV Group announced this on February 2, 2026.

During testing, the technological compatibility of the following products for protecting the corporate infrastructure was confirmed: the DS Optical-TAP traffic coupler, the DS Integrity EVO network packet broker and the network traffic analysis system for detecting UDV NTA cyber attacks. The compatibility of products for protecting industrial infrastructure was also checked: DS Copper-TAP traffic coupler, DS Diod unidirectional aggregator, DS Integrity EVO network packet broker and integrated APCS cyber protection system with full visibility of attacks, threats and compliance with legal requirements - UDV DATAPK Industrial Kit.

During the tests, UDV Group and Digital Solutions products demonstrated stable and reliable operation, which confirmed their full technological compatibility. This enables customers to use these products as a single solution to effectively monitor the network security and visibility of both corporate and industrial infrastructures.

The tests covered a wide range of functionality. Digital Solutions products provided a complete copy of network traffic, its optimization, including the removal of packet duplicates, as well as balancing flows into several instances of the analysis system. UDV Group products, in turn, were responsible for automatic asset discovery, defining application and industrial protocols, detecting file transfers, and detecting suspicious activity and network attacks in the corporate and industrial segments of the network.

In modern cyberattacks, each missed packet is not just a statistical error, but a potentially harmful impact that can go unnoticed. Proven compatibility allows customers to safely scale the infrastructure for collecting and processing network traffic and be sure that solutions for detecting and investigating attacks from UDV Group receive complete and continuous data, commented Mikhail Pyryev, UDV NTA product manager.

The efficiency of behavioral traffic analysis systems directly depends on the quality of the data they receive at the input. Sharing Digital Solutions products and NTA/NDR-class systems significantly improves the effectiveness of threat detection. Partnership with UDV Group opens up new opportunities for us to protect critical information infrastructure, "said Alina Pavlova, Head of Product Promotion at Digital Solutions.

2025

UDV NTA 1.1 with retrospective analysis of traffic copy

The Russian developer UDV Group has released an updated version of the UDV NTA 1.1 network traffic analysis system. The company announced this on December 4, 2025.

UDV NTA is an element of network visibility and early attack detection. In a situation where the landscape of cyber threats is constantly changing, any deviation from the normal picture of the network may indicate an attack. UDV NTA allows comprehensive analysis of data from various sources, which helps identify suspicious activity and prevent attacks, minimizing or completely eliminating potential damage to business.

This version offers even more opportunities for exploring network traffic and leaves fewer blind spots in the infrastructure thanks to the following improvements:

• Retrospective analysis of a copy of traffic - an option allows SOC specialists and information security consultants to analyze client traffic without integration costs, as well as reduce sensor costs for inactive network segments;
• Advanced support for application layer protocols, including user protocols. With this option, UDV NTA allows you to track the network activity of devices using rare or specialized applications, providing greater visibility of network activities.

Also, UDV NTA 1.1 has improved the network map interface: contextual transition from an incident to a network map and the ability to adjust the volume of displayed objects help information security specialists quickly receive information about assets involved in the incident and localize the attack.

This version of UDV NTA takes into account the first user experience after launch and makes the necessary improvements to speed up investigations when an incident occurs, covering even those places where the sensor is not yet installed. These improvements follow the market trend, ensuring the possibility of expanding network visibility in conditions of limited budgets, "said Mikhail Pyryev, UDV NTA Product Manager.

K2 Cloud Compatibility

and K2Teh UDV Group confirmed the compatibility of the UDV NTA network traffic analysis system cloudy with the infrastructure. K2 Cloud Customers can now deploy one of the right-in-the-cloud solutions information security without complex configuration or performance loss. K2Tekh announced this on September 9, 2025.

This integration was made possible by the implementation of a function in the K2 Cloud - mirroring network traffic. It allows you to copy the incoming and outgoing traffic of virtual machine interfaces to the virtual port of the NTA sensor for further analysis. An important advantage of implementation in K2 Cloud is the ability to apply filters: administrators can exclude unnecessary flows (for example, large backup traffic) or, conversely, indicate specific types of traffic for mirroring. Filters are configured similar to packet filter rules and can be based on IP addresses, protocols, and L4 ports.

K2 Cloud was the first Russian cloud provider to implement cloud infrastructure traffic mirroring functionality.

It is important for us that UDV solutions are easily embedded in the cloud. Integration with the K2 platform The cloud opens up opportunities for our customers in terms of flexibility and speed of incident response, "said Mikhail Pyryev, UDV NTA Product Manager.

During the testing process, UDV NTA was deployed in the K2 Cloud with two subnets - internal and external. The system connected to mirrored traffic from both zones and worked as a passive sensor that did not require agents to be installed on virtual machines. This approach gives full visibility into network activity and does not interfere with the operation of business applications.

Testing scenarios included: detecting hidden threats and unauthorized devices in the network, analyzing traffic between subnets in one VPC, filtering, routing and checking the integrity of network data, stable operation under load up to 3 Gb/s per sensor, no loss in mirroring and transferring large amounts of data.

UDV NTA compatibility allows our customers to easily and quickly integrate network activity monitoring into the cloud infrastructure - with no capital costs and full data control. Thanks to the partnership with UDV and the new functions of K2 Clouds for traffic mirroring, we offer the business an effective solution for building an integrated information security system, - said Vladislav Odintsov, technical leader, Product Owner of K2 Cloud network services.

Running the UDV NTA Solution

On June 16, 2025, UDV Group announced the launch of the UDV NTA solution, a network traffic control and analysis system. The solution is focused on companies that build an information security monitoring system or want to strengthen basic protection tools (antivirus, EDR, MS) using maximum network visibility. The main task that the UDV NTA performs is to protect the company's business assets by ensuring transparency and network security. The implementation of this system allows employees responsible for information security to detect the presence of attackers, prevent attacks and minimize or completely eliminate potential damage.

𝓲

Фото: rawpixel.com на Freepik

According to the company, key product capabilities include:

• In-depth traffic analysis: Detailing network events to application protocols to identify and analyze root causes of incidents.
• Proactive Threat Search: Store a history of network activity across all connections, from which it is possible to extract artifacts related to a violation of the company's information security policy or a criminal group.
• Network Activity Visualization - Displays a map of devices and connections to understand network interactions.
• Detection of anomalies and unauthorized actions: detection of suspicious activity, unauthorized devices (Shadow IT, BYOD), and illegitimate use of remote administration tools.
• Agent-free protection: Support for IoT and other devices where agent installation is difficult.
• Accurate, comprehensive real-time assessment of an attack: detect and implement potential threats, record incidents, locate an attack, restore chronology, and record evidence.

The product has already been entered into the register of Russian software (registry entry No27786 from 06.05.2025). Thanks to the use of the developments of the UDV Group Research Center, the solution also received the mark "Software belongs to the field of artificial intelligence": machine learning modules are used to detect protocol tunneling and identify algorithmically generated domains (DGA). This mechanism allows the detection of hidden data channels and reduces the response time to these information security events.

UDV Group's experience in ensuring the security of critical information infrastructure networks has allowed us to accumulate expertise based on the principles of comprehensive study of possible threats. In the UDV NTA product, we managed to supplement these developments with the necessary context and implement the product taking into account the current market needs in the wide possibilities of detecting cyber attacks, ease of use in combination with low equipment requirements. We are excited to take another step towards a secure digital future. told Victor Kolyuzhnyak, Director of Saiberlimfa LLC, UDV Group of Companies

UDV NTA is available for piloting from June 4, 2025. Prior to the start of the pilot project, Customers are provided with access to a test bench, where they can independently or with the help of vendor engineers study the product interface and test application scenarios that solve information security problems.