©2026 Gartner, Inc. and/or its affiliates. All rights reserved.
ThreatBook TDP NDR

by ThreatBook
in Network Detection and Response
5.0

Overview

Product Information on ThreatBook TDP NDR

Updated 13th October 2025

What is ThreatBook TDP NDR?

ThreatBook TDP NDR is a software designed to identify, analyze, and respond to network-based threats within enterprise environments. The software uses network detection and response capabilities to monitor network traffic, detect anomalies, and provide insights into potential security incidents. It leverages threat intelligence and behavioral analysis to uncover hidden risks and deliver detailed threat context. The software supports the investigation of security events by providing automated alerts, forensic data, and visualization of attack paths. It aims to enhance threat visibility, streamline incident response, and support security teams in mitigating risks posed by advanced persistent threats and malware.

ThreatBook TDP NDR Pricing

ThreatBook TDP NDR software uses a subscription-based pricing model, where fees are generally determined by the scale of deployment, including factors such as the number of assets, data bandwidth, or specific security features required. Pricing may vary depending on selected modules, support options, and service levels, typically offered on annual or multi-year terms.

Overall experience with ThreatBook TDP NDR

Manager, IT Security and Risk Management
50M - 250M USD, Telecommunication
FAVORABLE

“Full-packet capture boosts threat detection but lacks VRF awareness”

5.0
Jun 1, 2026
We deployed ThreatBook TDP across our international POPs to gain carrier-grade traffic visibility. As a telecom operator handling multi-terabit backbone traffic, we needed deeper inspection than NetFlow sampling could provide. TDP's passive full-packet capture architecture integrated smoothly at 6 major POPs — Hong Kong, Singapore, Frankfurt, London, Tokyo, and Los Angeles — within a 3-week rollout window. The AI-driven detection engine reduced our daily alert volume from approximately 5,000 NetFlow-based anomalies to roughly 80 actionable incidents requiring SOC investigation. A notable win was catching a multi-hop C2 relay traversing our Singapore-Frankfurt backbone that NetFlow had completely missed for 11 days. The API-driven closed-loop blocking with our edge routers via BGP Flowspec cut mean-time-to-block from 45 minutes to under 3 minutes. TDP fits well into our existing NOC workflow and has meaningfully improved our backbone threat visibility without adding operational overhead.

About Company

Company Description

Updated 5th July 2024

ThreatBook is a provider of cyber threat detection and response services. We developed new approaches to deliver high-fidelity, efficient, and actionable security intelligence. We integrated these capabilities with a full life cycle threat detection system and incident response mechanisms to enhance protection across cloud, network, and endpoints. This helps enterprises respond to threats efficiently, reduce complexity, and improve security operations.

Company Details

Updated 26th February 2025
Company type
Private
Year Founded
2015
Head office location
Beijing, China
Number of employees
501 - 1000
Website
https://threatbook.cn/next/en



Top ThreatBook TDP NDR Alternatives

1. Darktrace / NETWORK: 4.8 (620 Ratings)
2. Vectra AI Platform: 4.8 (471 Ratings)
3. RevealX: 4.7 (270 Ratings)


ThreatBook TDP NDR Reviews and Ratings

5.0

(137 Ratings)

Rating Distribution

5 Star: 92%
4 Star: 8%
3 Star: 0%
2 Star: 0%
1 Star: 0%

Customer Experience

Evaluation & Contracting: 4.7
Integration & Deployment: 4.8
Service & Support: 4.9
Product Capabilities: 4.8

  • Manager, IT Security and Risk Management
    50M-1B USD
    Manufacturing

    Significant reduction in data exfiltration risk with rapid east-west visibility

    5.0
    Jun 1, 2026
    Deploying ThreatBook TDP across our campus environment, which combines R&D labs, office networks, and smartphone assembly lines, was driven by a critical need: protecting our intellectual property from data exfiltration. Traditional perimeter firewalls and endpoint DLP gave us north-south visibility but were completely blind to internal data movement patterns. TDP's sensors deployed at our core switches and R&D segment gateways within 4 business days, and we immediately gained visibility into east-west traffic patterns we had never seen before. The platform auto-discovered roughly 1,500 devices in the R&D segment alone, including over 80 undocumented development servers and test devices that IT operations had no record of. What differentiated TDP from our previous network monitoring attempts was the behavioral baselining: the system learned normal traffic patterns for each segment (R&D code repositories pulling from GitLab, build servers pushing artifacts, QA labs downloading test firmware) and then surfaced deviations with rich context. Our mean time to detect suspicious data movement dropped from days to minutes, which is exactly what we needed for a threat model where IP theft, not ransomware, is the primary concern.
  • Manager, IT Security and Risk Management
    1B-10B USD
    Transportation

    Extensive threat intelligence aids early warning but interface usability is lacking

    5.0
    Jun 2, 2026
    Our logistics network spans over 100 sorting centers across China, processing millions of packages daily through a blend of OT systems — automated sorters, conveyor controllers, barcode scanners, AGV robots — and IT platforms for warehouse management, transport management, and package tracking. We deployed TDP as passive NDR across 8 of our largest sorting hubs to gain visibility into east-west traffic that perimeter firewalls missed entirely. Within the first month, TDP detected a contractor laptop on guest Wi-Fi scanning internal WMS servers at our Shenzhen hub, and anomalous Modbus TCP communication with conveyor PLCs during non-maintenance hours in Hangzhou. The AI-driven alert aggregation was transformative — our network generates massive background noise from real-time tracking pings, RFID bursts, and CCTV streams, but TDP condensed 4,000+ daily alerts to roughly 60 actionable events, saving our 5-person SOC team hours of manual triage. Passive tap deployment took only 3 days per hub with zero impact on sorting operations.
  • IT Security & Risk Management Associate
    1B-10B USD
    Manufacturing

    Accurate threat detection and strong analysis, but reporting needs work

    5.0
    Jun 9, 2026
    TDP acts as the core network threat detection and analysis platform of our enterprise security system, providing full-traffic visibility, threat detection, and incident investigation capabilities. The detection engine is highly accurate with low false positives, and the threat intelligence integration is timely, which strongly supports our threat hunting and incident response operations. Some functions in automated blocking and customized reporting still need to be enhanced.
  • IT Associate
    50M-1B USD
    Manufacturing

    Ultra-low false positives ease alert fatigue, setup complexity remains

    5.0
    Jun 1, 2026
    We have deployed TDP for 12 months as our core network threat detection solution, with an overall satisfaction score of 4.5 out of 5. The core reason for the high rating is its ultra-low false positive rate and native threat intelligence linkage, which greatly reduces our daily alert processing burden. It performs excellently in full-traffic asset mapping and automatic attack success judgment, while minor drawbacks include complex initial TLS decryption configuration and higher resource consumption during peak traffic analysis.
Showing Result 1-5 of 141

Recommended Gartner Insights

  • Critical Capabilities for Network Detection and Response
  • Magic Quadrant for Network Detection and Response


ThreatBook TDP NDR Likes & Dislikes

Like

  • Full-packet deep packet inspection across our 10 Gbps backbone links replaced NetFlow-based sampling that was missing roughly 30% of short-duration anomalies. TDP's passive sensors at each international POP capture and inspect every packet in real time, surfacing threats like C2 beaconing, DNS tunneling, and covert channels our legacy flow-based tools were completely blind to. The AI engine condenses roughly 5,000 daily anomalies into 80 actionable cases, reducing NOC triage from 12 analyst-hours to under 3.
  • As a carrier offering cloud interconnect services, TDP's ability to detect cross-tenant lateral movement within our cloud exchange fabric has been invaluable. It caught an incident where a compromised tenant attempted to pivot through shared VLAN infrastructure toward our enterprise customers, detected within 4 minutes through anomalous east-west traffic patterns. Passive tap deployment at interconnection points ensured zero latency impact on customer traffic, which is critical for our SLA commitments.
  • TDP identifies C2 beaconing, scanning patterns, and malware staging activity days before volumetric DDoS attacks materialize, patterns that NetFlow sampling typically misses. We intercepted a Mirai-variant staging operation targeting our Southeast Asia POP 3 days before weaponization, allowing proactive upstream filtering. The BGP Flowspec API integration with our edge routers automates blocking from detection to enforcement in under 3 minutes, compared to our previous 45-minute manual workflow involving separate NOC and security teams.

Like

Data exfiltration detection for intellectual property protection. As a smartphone manufacturer, our most critical assets are our R&D data: camera ISP algorithms, chip reference designs, industrial design files, and OS source code. TDP's behavioral baselining detects anomalous data transfers that traditional DLP and firewall rules miss. In one case, an engineer uploaded 2.3 gigabytes of camera ISP design files to a personal cloud storage service at 2 AM on a Saturday. Our endpoint DLP did not flag it because the engineer had legitimate access to those files, and the firewall saw only encrypted HTTPS traffic to a CDN. TDP detected three correlated anomalies simultaneously: the unusual upload volume for that specific host, the off-hours timing pattern outside the engineer's normal working window, and the destination domain's reputation as a personal file-sharing platform rarely accessed from R&D segments. The alert fired within 3 minutes, and our security team was able to intervene before the upload completed.

R&D network segmentation validation and drift detection. Our org maintains strict network segmentation between R&D labs, office networks, and production assembly lines to contain potential breaches. However, segmentation rules drift over time as new services are deployed and switch configurations change. TDP continuously monitors cross-segment traffic patterns and alerts on communication that violates our intended segmentation policy. It discovered that a newly provisioned Jenkins CI server in the R&D segment was accidentally exposed to the office VLAN via a misconfigured switch port: TDP detected bidirectional HTTP traffic between R&D and office segments that should have been strictly blocked by policy.
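The detection logic this reviewer describes (a single upload judged on three independent signals: volume against the host's own history, timing against its working window, and destination reputation) and the behavioral baselining mentioned in the manufacturing review above, worked through as an added illustration. This is example code written for this page, not ThreatBook's implementation and not the reviewer's; the hostnames, domains, baseline history, working window, reputation categories and both flows are constructed, and the z-score threshold and the two-of-three alert rule are assumptions chosen for the example.

```python
# Added example: correlating three independent anomaly signals on one upload,
# in the spirit of the detection the reviewer describes. Not ThreatBook code;
# all hosts, domains, baselines and flows below are constructed.
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One outbound transfer summarised from session data (constructed)."""
    ts: datetime
    src_host: str
    dst_domain: str
    bytes_out: int


# Constructed per-host history of daily outbound bytes (7 prior days).
BASELINE_DAILY_BYTES = {
    "rd-ws-042": [120_000_000, 95_000_000, 140_000_000, 110_000_000,
                  130_000_000, 105_000_000, 125_000_000],
}
# Constructed per-host normal working window (start hour, end hour), Mon-Fri.
WORK_WINDOW = {"rd-ws-042": (8, 19)}
# Constructed stand-in for a destination reputation feed.
DEST_CATEGORY = {
    "gitlab.corp.example": "internal-scm",
    "artifacts.corp.example": "internal-build",
    "personal-drive.example": "personal-file-sharing",
}
# Categories rarely seen from R&D segments; a hit is one signal, not an alert.
RARE_FROM_RD = {"personal-file-sharing"}
MIN_BASELINE_DAYS = 5


def volume_anomaly(flow: Flow, z_threshold: float = 3.0) -> bool:
    """True when bytes_out is far above the host's own history (z-score)."""
    history = BASELINE_DAILY_BYTES.get(flow.src_host, [])
    if len(history) < MIN_BASELINE_DAYS:
        return False  # cold start: no judgement without a baseline
    mu, sigma = mean(history), pstdev(history)
    sigma = max(sigma, 0.05 * mu)  # floor so a flat history cannot fire on noise
    return (flow.bytes_out - mu) / sigma > z_threshold


def off_hours(flow: Flow) -> bool:
    """True on weekends or outside the host's learned working window."""
    start, end = WORK_WINDOW.get(flow.src_host, (0, 24))
    return flow.ts.weekday() >= 5 or not (start <= flow.ts.hour < end)


def suspicious_destination(flow: Flow) -> bool:
    """True when the destination category is rarely seen from R&D segments."""
    return DEST_CATEGORY.get(flow.dst_domain, "unknown") in RARE_FROM_RD


def evaluate(flow: Flow, min_signals: int = 2) -> dict:
    """Run every signal; alert only when several fire on the same transfer."""
    checks = (("volume", volume_anomaly),
              ("off_hours", off_hours),
              ("destination", suspicious_destination))
    signals = [name for name, fn in checks if fn(flow)]
    return {"host": flow.src_host, "dst": flow.dst_domain,
            "signals": signals, "alert": len(signals) >= min_signals}


# Constructed events: the Saturday 2 AM upload from the review, and a routine
# weekday pull from the internal code repository.
EXFIL_FLOW = Flow(datetime(2025, 6, 7, 2, 5), "rd-ws-042",
                  "personal-drive.example", 2_300_000_000)
NORMAL_FLOW = Flow(datetime(2025, 6, 9, 10, 30), "rd-ws-042",
                   "gitlab.corp.example", 150_000_000)

if __name__ == "__main__":
    for f in (EXFIL_FLOW, NORMAL_FLOW):
        print(evaluate(f))
```

The point of requiring several signals is the one the reviewer makes: each signal alone is noisy (large pulls from the build server, an engineer working late, one visit to a consumer site), so a single check either floods the SOC or is tuned so loosely it misses the event. The cold-start guard matters too: a host with no history gets no volume judgement rather than a spurious one.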

Like

Passive DPI caught unauthorized Modbus TCP write attempts to conveyor belt PLC controllers at our Shanghai sorting hub: someone connected a diagnostic laptop to the OT VLAN and tried to modify sort line routing parameters at 2am. TDP flagged the protocol-level anomaly within 3 minutes because the write pattern deviated from normal read-only polling baselines. Our facilities team isolated the port before any package misrouting occurred, and we later confirmed it was a contractor testing equipment without authorization. Zero sort line downtime during peak season; this could have caused thousands of misrouted packages per hour.

TDP detected a contractor laptop on the guest Wi-Fi at our Shenzhen sorting center scanning internal WMS and transport management servers. The lateral movement was flagged within 4 minutes based on the unusual SMB and RDP scanning pattern from a non-corporate device segment. We contained the endpoint and discovered the contractor had weak credentials that could have been exploited for supply chain access, a critical risk given WMS servers contain shipment manifests, customer addresses, and customs clearance data for millions of packages. The incident drove a complete review of guest network segmentation across all 100 hubs.

Passive asset discovery found over 200 undocumented devices across our 8 monitored hubs within the first 5 days: barcode scanners with embedded Linux, networked RFID readers, IoT temperature sensors for cold chain storage, wireless APs bridged to the OT VLAN, and a personal NAS device in a maintenance office. IT inventory had no record of these devices because logistics equipment is procured and managed by facilities teams, not IT. TDP's automated asset profiling gave us
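The Modbus detection described here and in the transportation review above (a write request standing out against a read-only polling baseline, outside maintenance hours, from a device the PLC had never talked to) worked through as an added illustration. This is example code written for this page, not ThreatBook's implementation and not the reviewer's; the IP addresses, sample frames, timestamps and the 09:00-17:00 maintenance window are constructed, and the MBAP header layout and function codes are those of the public Modbus/TCP specification.

```python
# Added example: parsing Modbus/TCP frames and flagging write function codes
# that deviate from a learned read-only polling baseline. Not ThreatBook code;
# all addresses, frames, timestamps and the maintenance window are constructed.
import struct
from datetime import datetime

MBAP_LEN = 7  # transaction id (2), protocol id (2), length (2), unit id (1)
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}  # coil and register writes
FUNCTION_NAMES = {
    1: "Read Coils", 3: "Read Holding Registers", 4: "Read Input Registers",
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Validate the MBAP header and return its fields plus the function code."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame too short for MBAP header and function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus/TCP")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    fc = frame[MBAP_LEN]
    return {"tid": tid, "unit": uid, "function_code": fc & 0x7F,
            "exception": bool(fc & 0x80), "data": frame[MBAP_LEN + 1:]}


def build_frame(tid: int, unit: int, pdu: bytes) -> bytes:
    """Assemble a Modbus/TCP frame (used here only to construct sample traffic)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


class ModbusBaseline:
    """Learns which function codes each (client, PLC) pair normally uses."""

    def __init__(self, maintenance_window=(9, 17)):
        self.seen: dict[tuple[str, str], set[int]] = {}
        self.window = maintenance_window  # constructed: weekday 09:00-17:00

    def learn(self, src: str, dst: str, frame: bytes) -> None:
        fc = parse_modbus_tcp(frame)["function_code"]
        self.seen.setdefault((src, dst), set()).add(fc)

    def evaluate(self, src: str, dst: str, frame: bytes, ts: datetime) -> list[str]:
        """Return findings for one observed request (empty list means normal)."""
        fc = parse_modbus_tcp(frame)["function_code"]
        known = self.seen.get((src, dst))
        findings = []
        if known is None:
            findings.append("unknown_client")
        elif fc not in known:
            findings.append("new_function_code")
        if fc in WRITE_FUNCTION_CODES:
            start, end = self.window
            if ts.weekday() >= 5 or not (start <= ts.hour < end):
                findings.append("write_outside_maintenance_window")
            if known is not None and not (known & WRITE_FUNCTION_CODES):
                findings.append("write_from_read_only_peer")
        return findings


# Constructed traffic: the SCADA poller reads 10 holding registers from the
# conveyor PLC; a laptop later writes one register at 2 AM on a Tuesday.
POLLER, LAPTOP, PLC = "10.20.0.5", "10.20.0.77", "10.20.1.10"
READ_HOLDING = build_frame(1, 1, bytes([3]) + struct.pack(">HH", 0, 10))
WRITE_SINGLE = build_frame(2, 1, bytes([6]) + struct.pack(">HH", 0x10, 1))
TS_DAYTIME = datetime(2025, 6, 10, 10, 0)   # Tuesday, inside the window
TS_NIGHT = datetime(2025, 6, 10, 2, 0)      # Tuesday, 02:00

BASELINE = ModbusBaseline()
for _ in range(3):
    BASELINE.learn(POLLER, PLC, READ_HOLDING)

if __name__ == "__main__":
    print(BASELINE.evaluate(POLLER, PLC, READ_HOLDING, TS_DAYTIME))
    print(FUNCTION_NAMES[6], BASELINE.evaluate(LAPTOP, PLC, WRITE_SINGLE, TS_NIGHT))
```

Keying the baseline on the (client, PLC) pair rather than on the PLC alone is what separates the two cases the reviewer cares about: the poller issuing a write it has never issued before is a change in behaviour worth a look, while a never-seen device writing at night is a different and more urgent finding. Function-code level inspection is only possible because the sensor sees the full payload, which is the same full-packet-versus-flow-sampling point the other reviews make.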

Dislike

  • TDP lacks BGP/MPLS Layer 3 VPN awareness, meaning it sees packets but cannot map traffic to specific customer VPN Routing and Forwarding instances. For a carrier operating hundreds of customer VRFs, this is a significant gap: when TDP flags anomalous traffic, our NOC team spends 10-15 minutes manually correlating source/destination IPs against our route reflector tables and customer VRFs to determine which customer is affected before we can notify them. Native VRF-aware labeling would eliminate this entirely.
  • TDP operates as a standalone security platform with no integration into telecom Operations Support Systems or Network Management Systems. There is no SNMP trap forwarding, no TMF OSS/J alignment, and no northbound interface for our existing NMS (e.g., Netcool, Spectrum). This forces our NOC to monitor two separate dashboards, the existing NMS for infrastructure health and TDP for security events, rather than having threat intelligence flow into the unified operational view our engineers are trained on.
  • TDP generates alerts for many anomalies our existing SNMP polling and NetFlow-based tools already surface, such as traffic spikes, protocol anomalies, and port scans, without any deduplication or correlation between the two sources. This creates roughly 15-20 redundant alerts per day that our NOC engineers must manually correlate and dismiss, adding unnecessary noise to an already busy operational environment. A built-in correlation engine that consumes SNMP traps and NetFlow data alongside TDP's own detections would dramatically reduce this alert fatigue.

Dislike

No native integration with our data loss prevention (DLP) platform. TDP excels at detecting anomalous data movement patterns on the network, but when it flags a suspicious 2-gigabyte file transfer, we have no automated way to determine whether the files involved were classified as confidential. Our SOC analysts must manually switch to the DLP console, search for the source host and file path, and check the data classification tags, a process that adds 5 to 10 minutes to every exfiltration investigation and introduces the risk of human error. A bidirectional API integration, where TDP alerts automatically query the DLP system for file classification context and DLP policy violations trigger TDP to capture the full network session for forensics, would turn two independent point solutions into a genuinely integrated data protection workflow.

Application-layer detection for custom and proprietary internal protocols is limited. Our org operates many custom-built internal applications (firmware signing servers, automated build orchestration, QA test automation frameworks, and proprietary hardware debugging tools) that communicate over custom TCP-based protocols. TDP sees these as generic application-layer traffic with no protocol-level deep inspection. We learned this the hard way: a firmware signing server was compromised and the attacker used the custom signing protocol itself as a C2 channel, embedding command-and-control messages inside what appeared to be legitimate signing requests. TDP flagged the volume anomaly on that server, but could not identify the protocol-level abuse our threat hunting.

Dislike

Approximately 60% of our B2B API traffic with major e-commerce platforms (order ingestion from JD.com, Tmall, PDD, customs clearance data, and package status updates) is TLS encrypted, invisible to TDP's deep packet inspection. This is a blind spot because these legitimate-looking encrypted channels could be used for data exfiltration of customer PII or shipment manifests. We have had to supplement with endpoint agents on the API gateway servers to get visibility, which partially defeats the purpose of network-level detection. Native TLS decryption with certificate injection on known API gateway segments would dramatically improve coverage.

During Singles' Day and 618 shopping festivals, sorting hub traffic spikes 5-8x normal as package tracking, sorting telemetry, and CCTV streams surge simultaneously. At 8-10 Gbps throughput across our largest hubs, TDP sensors hit 85-90% CPU and alert latency increases from near-real-time to 3-5 minutes. During the 2025 11.11 peak, about 15% of alerts were delayed beyond 5 minutes; a compromised sorting controller during peak could cascade misroutes across the entire hub before detection. We have had to temporarily disable TLS inspection and reduce DPI depth during peak windows to keep up.

TDP has no native integration with our warehouse management system (WMS), transport management system (TMS), or warehouse control system (WCS), the three platforms that orchestrate every package movement. When TDP flags an alert on a server segment, we have no automated way to understand whether that server was actively processing shipments, handling customs documentation, or routing high-value packages at that moment. Our 3-person security team spends roughly 8-10 hours per week manually correlating alerts against WMS/TMS operational logs via spreadsheet.