ThreatBook TDP NDR

by ThreatBook
in Network Detection and Response
4.9

Overview

Product Information on ThreatBook TDP NDR

Updated 13th October 2025

What is ThreatBook TDP NDR?

ThreatBook TDP NDR is a software designed to identify, analyze, and respond to network-based threats within enterprise environments. The software uses network detection and response capabilities to monitor network traffic, detect anomalies, and provide insights into potential security incidents. It leverages threat intelligence and behavioral analysis to uncover hidden risks and deliver detailed threat context. The software supports the investigation of security events by providing automated alerts, forensic data, and visualization of attack paths. It aims to enhance threat visibility, streamline incident response, and support security teams in mitigating risks posed by advanced persistent threats and malware.

ThreatBook TDP NDR Pricing

ThreatBook TDP NDR software uses a subscription-based pricing model, where fees are generally determined by the scale of deployment, including factors such as the number of assets, data bandwidth, or specific security features required. Pricing may vary depending on selected modules, support options, and service levels, typically offered on annual or multi-year terms.

Overall experience with ThreatBook TDP NDR

Manager, IT Security and Risk Management
500M - 1B USD, Miscellaneous
FAVORABLE

“Incident response improved significantly though regional threat customization still lags”

4.0
May 28, 2026
We deployed ThreatBook TDP about eleven months ago to address a long-standing visibility gap across our global supply chain network. As a consumer electronics holding company with operations spanning hardware design, manufacturing, and distribution across Africa and South Asia, we manage a complex network environment with roughly 4,000 endpoints spread across multiple sites. Before TDP, our security team relied almost entirely on firewall logs and endpoint alerts, with essentially no east-west traffic visibility inside our segmented production and R&D subnets. TDP's out-of-band mirror deployment was critical for us -- we couldn't afford to introduce an appliance into the path of production traffic, and the passive tap approach meant we were up and running with meaningful coverage within a week without any change management overhead. The immediate value was discovering 60+ undocumented assets across our Shenzhen and overseas manufacturing sites -- servers and embedded devices that nobody had tracked in our CMDB for years. The AI-driven alert correlation engine has also been a genuine time saver: our team of three SOC analysts now reviews roughly 35 to 45 high-fidelity alerts per day down from a peak of over 1,800 raw events, which has dramatically changed how we allocate investigation time. Over the past year, TDP has been the first-touch detection tool in five confirmed incident investigations, including two cases involving suspected supply-chain-motivated lateral movement targeting our R&D file servers.

About Company

Company Description

Updated 5th July 2024

ThreatBook is a provider of cyber threat detection and response services. We developed new approaches to deliver high-fidelity, efficient, and actionable security intelligence. We integrated these capabilities with a full life cycle threat detection system and incident response mechanisms to enhance protection across cloud, network, and endpoints. This helps enterprises respond to threats efficiently, reduce complexity, and improve security operations.

Company Details

Updated 26th February 2025
Company type: Private
Year Founded: 2015
Head office location: Beijing, China
Number of employees: 501 - 1000
Website: https://threatbook.cn/next/en


Top ThreatBook TDP NDR Alternatives

1. Darktrace / NETWORK: 4.8 (620 Ratings)
2. Vectra AI Platform: 4.8 (470 Ratings)
3. RevealX: 4.7 (260 Ratings)


ThreatBook TDP NDR Reviews and Ratings

4.9 (133 Ratings)

Rating Distribution

5 Star: 89%
4 Star: 11%
3 Star: 0%
2 Star: 0%
1 Star: 0%

Customer Experience

Evaluation & Contracting: 4.8
Integration & Deployment: 4.8
Service & Support: 4.9
Product Capabilities: 4.9

  • Manager, IT Security and Risk Management
    50M-1B USD
    Telecommunication
    Review Source

    Full-packet capture boosts threat detection but lacks VRF awareness

    5.0
    Jun 1, 2026
    We deployed ThreatBook TDP across our international POPs to gain carrier-grade traffic visibility. As a telecom operator handling multi-terabit backbone traffic, we needed deeper inspection than NetFlow sampling could provide. TDP's passive full-packet capture architecture integrated smoothly at 6 major POPs — Hong Kong, Singapore, Frankfurt, London, Tokyo, and Los Angeles — within a 3-week rollout window. The AI-driven detection engine reduced our daily alert volume from approximately 5,000 NetFlow-based anomalies to roughly 80 actionable incidents requiring SOC investigation. A notable win was catching a multi-hop C2 relay traversing our Singapore-Frankfurt backbone that NetFlow had completely missed for 11 days. The API-driven closed-loop blocking with our edge routers via BGP Flowspec cut mean-time-to-block from 45 minutes to under 3 minutes. TDP fits well into our existing NOC workflow and has meaningfully improved our backbone threat visibility without adding operational overhead.
  • IT Associate
    <50M USD
    Manufacturing
    Review Source

    Comprehensive Security Coverage and Efficient Response Noted With TDP Platform

    5.0
    May 8, 2026
    I think the TDP platform is overall very practical and easy to use, with no major shortcomings. It serves as an all-in-one security operations platform that covers the entire security workflow, including asset attack surface management, monitoring and detection, automated analysis, and response and remediation capabilities. In daily operations, I regularly verify and remediate exposed attack surfaces identified by TDP. Its detection capability is also quite strong. TDP has helped me identify emerging threats such as Sliver Fox malware and worm viruses, and by integrating with the firewall for automated blocking, it has greatly improved the speed of incident response and made further investigation and troubleshooting much more efficient.
  • IT Associate
    50M-1B USD
    Consumer Goods
    Review Source

    An Integrated One-Stop Security Operations Platform

    5.0
    May 11, 2026
    TDP is a network traffic monitoring platform that provides capabilities such as asset attack surface identification, helping organizations better understand and manage their internal attack surfaces. It also includes threat monitoring features that help detect internal security incidents in a timely manner. For incident response and closed-loop security operations, TDP can integrate with other security devices to automatically block malicious activities. Overall, it serves as a one-stop security operations platform that combines visibility, threat detection, investigation, and automated response capabilities to improve daily security operations efficiency and reduce manual workload for security teams.
  • Manager, IT Security and Risk Management
    <50M USD
    IT Services
    Review Source

    Stable threat detection with powerful log collection, but complex deployment process

    4.0
    May 26, 2026
    We have used this security product for years in our daily operation. It delivers stable threat detection capabilities and comprehensive log collection, helping us reduce false alerts effectively. However, the initial deployment is complex, user operation is relatively complicated, and functional updates are released too frequently, bringing extra adaptation costs to our team.

ThreatBook TDP NDR Likes & Dislikes

Like

The AI-driven alert aggregation has been transformative for a small team operating across multiple time zones. Our pre-TDP workflow involved three analysts rotating shifts to review raw firewall and IDS logs, with no meaningful correlation across data sources. A single DDoS probe or internal misconfiguration could generate hundreds of duplicate alerts within minutes, burying the one genuinely suspicious lateral movement event underneath thousands of noise events. TDP's correlation engine now groups related events into a small number of contextualized incidents -- typically 35 to 45 per day -- each with a concise kill-chain summary, affected asset list, and recommended response action. The most significant example was a multi-stage intrusion attempt we detected last Q3: TDP correlated 2,300 raw events spanning six internal hosts across a four-hour window into a single incident timeline, allowing our analyst on duty to understand the full attack scope in under 20 minutes and initiate containment before any data exfiltration occurred. The out-of-band deployment model and zero-impact footprint have been critical for maintaining operational continuity across our manufacturing and logistics infrastructure. We originally evaluated two other NDR solutions, both of which required inline deployment with bypass capabilities -- a requirement that our OT and network teams flatly rejected for production environments where any packet loss is unacceptable. TDP's passive tap architecture resolved this entirely. The deployment team completed the initial sensor rollout across three sites over three days without a single change-management ticket to the production network team, and our manufacturing throughput metrics showed no deviation during or after deployment. The full capture c

Like

• Full-packet deep packet inspection across our 10 Gbps backbone links replaced NetFlow-based sampling that was missing roughly 30% of short-duration anomalies. TDP's passive sensors at each international POP capture and inspect every packet in real time, surfacing threats like C2 beaconing, DNS tunneling, and covert channels our legacy flow-based tools were completely blind to. The AI engine condenses roughly 5,000 daily anomalies into 80 actionable cases, reducing NOC triage from 12 analyst-hours to under 3.
• As a carrier offering cloud interconnect services, TDP's ability to detect cross-tenant lateral movement within our cloud exchange fabric has been invaluable. It caught an incident where a compromised tenant attempted to pivot through shared VLAN infrastructure toward our enterprise customers, detected within 4 minutes through anomalous east-west traffic patterns. Passive tap deployment at interconnection points ensured zero latency impact on customer traffic, which is critical for our SLA commitments.
• TDP identifies C2 beaconing, scanning patterns, and malware staging activity days before volumetric DDoS attacks materialize, patterns that NetFlow sampling typically misses. We intercepted a Mirai-variant staging operation targeting our Southeast Asia POP 3 days before weaponization, allowing proactive upstream filtering. The BGP Flowspec API integration with our edge routers automates blocking from detection to enforcement in under 3 minutes, compared to our previous 45-minute manual workflow involving separate NOC and security teams.

Like

First, I appreciate TDP's detection capability and high level of accuracy. In most cases, if TDP generates a detection alert, there is indeed a real issue, and false positives are very rare. In daily operations, I mainly focus on alerts related to successful attacks. Second, I value the response efficiency of ThreatBook. Whenever I report an issue, the ThreatBook team responds very quickly and handles the problem thoroughly. They also regularly organize technical sharing sessions, which help me learn about new attack scenarios and security technologies.

Dislike

The encrypted traffic analysis capabilities have real limitations when your network has high TLS penetration. Approximately 70 percent of our internal east-west traffic is now encrypted -- a trend that has accelerated as our R&D teams adopted more cloud-native tooling. Without inline TLS inspection, which we cannot deploy for operational reasons, TDP's behavioral models are limited to connection metadata, certificate characteristics, and timing patterns for encrypted sessions. We have had two confirmed incidents in the past year where the initial detection came from unencrypted lateral movement activity, but subsequent investigation revealed that the earlier stages of the intrusion involved encrypted C2 communications that TDP did not flag. The encrypted traffic analysis module would benefit from deeper behavioral modeling -- for example, identifying C2 beaconing patterns based on connection interval regularity even when payload content is opaque. The out-of-the-box detection rules and threat intelligence integration need better customization for non-China-centric threat landscapes. Our overseas operations in Africa and South Asia face a different threat actor profile compared to domestic China deployments -- more commodity ransomware, more financially-motivated groups, and less APT activity associated with the threat actors TDP's default rules appear optimized to detect. When we have tried to tune the detection rules to reduce false positives from legitimate overseas business traffic patterns -- for example, flagging certain African mobile carrier IP ranges as suspicious -- the rule customization interface requires manual IOC uploads rather than offering an intelligent suppression model. We also lack visibility into whether TDP's threat intelligence coverage f
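The reviewer above asks for beacon detection from connection interval regularity when payloads are opaque, and the telecom "Like" entry earlier names C2 beaconing as something full-packet NDR surfaces. The following is an added, self-contained illustration of that idea written for this page; it is not ThreatBook code and does not describe how TDP's models work. It assumes only flow metadata (timestamp, source, destination, destination port), constructs three sample hosts inline, and uses an assumed threshold pair (`min_samples`, `max_cv`) that a real deployment would tune against its own baseline.

```python
"""Beacon-interval regularity check over encrypted-connection metadata.

Added illustration (not ThreatBook code). Given only flow metadata
(timestamp, src, dst, dport), group connections per (src, dst, dport),
compute inter-arrival intervals and their coefficient of variation
(CV = population stdev / mean). A low CV over enough samples suggests a
timer-driven beacon; human-driven browsing is bursty and irregular.
Thresholds below are assumptions for the example, not tuned values.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample flows: (epoch seconds, src, dst, dport).
# Payloads are TLS and therefore opaque; only timing and endpoints remain.
SAMPLE_FLOWS = (
    # Host A: a TLS connection every 60 s with roughly +-2 s of jitter (constructed).
    [(1000 + 60 * i + (i % 3) - 1, "10.0.5.17", "203.0.113.9", 443) for i in range(12)]
    # Host B: irregular, bursty browsing to a single site (constructed).
    + [(1000 + t, "10.0.5.23", "198.51.100.4", 443)
       for t in (0, 3, 4, 9, 120, 121, 700, 702, 703, 1500, 1504, 1900)]
    # Host C: too few connections to judge either way (constructed).
    + [(1000, "10.0.5.31", "192.0.2.8", 443), (1060, "10.0.5.31", "192.0.2.8", 443)]
)


@dataclass(frozen=True)
class BeaconVerdict:
    src: str
    dst: str
    dport: int
    samples: int
    mean_interval: float
    cv: float
    suspicious: bool


def beacon_candidates(flows, min_samples=8, max_cv=0.15):
    """Return one BeaconVerdict per (src, dst, dport) that has enough samples.

    min_samples and max_cv are assumed example thresholds: too few samples
    gives no verdict at all, and a CV at or below max_cv marks the peer pair
    as a beaconing candidate for analyst review.
    """
    by_peer = defaultdict(list)
    for ts, src, dst, dport in flows:
        by_peer[(src, dst, dport)].append(ts)

    verdicts = []
    for (src, dst, dport), stamps in by_peer.items():
        if len(stamps) < min_samples:
            continue  # not enough evidence either way
        stamps.sort()
        intervals = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        mu = mean(intervals)
        cv = pstdev(intervals) / mu if mu > 0 else float("inf")
        verdicts.append(BeaconVerdict(src, dst, dport, len(stamps), mu, cv, cv <= max_cv))
    return verdicts


def suspicious_peers(flows, **thresholds):
    """Sorted (src, dst) pairs whose timing looks timer-driven."""
    return sorted((v.src, v.dst) for v in beacon_candidates(flows, **thresholds) if v.suspicious)


if __name__ == "__main__":
    for v in beacon_candidates(SAMPLE_FLOWS):
        flag = "beacon candidate" if v.suspicious else "ok"
        print(f"{v.src} -> {v.dst}:{v.dport} n={v.samples} "
              f"mean={v.mean_interval:.1f}s cv={v.cv:.3f} {flag}")
```

On the constructed data only Host A is flagged (CV a little over 0.02), Host B's CV is well above 1, and Host C is skipped for lack of samples. In practice this kind of timing feature is one input among several; legitimate software update checks and monitoring agents also beacon regularly, so a CV hit is a triage signal to be combined with destination reputation and asset context, not a verdict on its own.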

Dislike

• TDP lacks BGP/MPLS Layer 3 VPN awareness, meaning it sees packets but cannot map traffic to specific customer VPN Routing and Forwarding instances. For a carrier operating hundreds of customer VRFs, this is a significant gap: when TDP flags anomalous traffic, our NOC team spends 10-15 minutes manually correlating source/destination IPs against our route reflector tables and customer VRFs to determine which customer is affected before we can notify them. Native VRF-aware labeling would eliminate this entirely.
• TDP operates as a standalone security platform with no integration into telecom Operations Support Systems or Network Management Systems. There is no SNMP trap forwarding, no TMF OSS/J alignment, and no northbound interface for our existing NMS (e.g., Netcool, Spectrum). This forces our NOC to monitor two separate dashboards, the existing NMS for infrastructure health and TDP for security events, rather than having threat intelligence flow into the unified operational view our engineers are trained on.
• TDP generates alerts for many anomalies our existing SNMP polling and NetFlow-based tools already surface, such as traffic spikes, protocol anomalies, and port scans, without any deduplication or correlation between the two sources. This creates roughly 15-20 redundant alerts per day that our NOC engineers must manually correlate and dismiss, adding unnecessary noise to an already busy operational environment. A built-in correlation engine that consumes SNMP traps and NetFlow data alongside TDP's own detections would dramatically reduce this alert fatigue.

Dislike

I think the TDP API documentation is not comprehensive enough, as it does not include all the fields displayed on the web interface. In addition, some weak password detection results are not entirely accurate.