What To Look for in a Network Detection and Response (NDR) Product

As cyberattacks continue unabated, network detection and response products monitor traffic for suspicious activities. Here's a look at how an NDR tool can make your network more secure.

Network Computing

August 9, 2024

2 Min Read
network security conceptual illustration with motherboard circuit and locked padlock
Alamy

Applying behavioral analytics to network data traffic, network detection and response (NDR) products work tirelessly to detect abnormal system behavior before it can emerge into a full-blown attack. Typical NDR capabilities include detection, hunting, forensics, and response.

In an email interview, Jeff Orr, director of ISG Ventana Research, states that an NDR product should include the following basic attributes:

  • Visibility across the network layer to monitor and analyze network traffic.

  • Real-time threat detection and analysis.

  • Automated incident responses with the goal of improving mean-time-to-repair (MTTR) metrics.

  • Integration with threat intelligence repositories.

  • Incorporates threats identified by SecOps industry experts and other threat hunting activities, which could include the use of AI technologies to identify novel threats.

Erez Tadmor, field CTO at security policy provider Tufin, offers the following additional attributes via email:

  • Behavioral detection using machine learning and advanced analytics to detect anomalies.

  • Compatibility that supports both physical and virtual sensors for on-premises and cloud networks.

  • Incident management that's capable of aggregating alerts into structured incidents and automates responses such as host containment and traffic blocking.

Related:Introduction To Writing eBPF Programs for Linux Security

Tadmore notes that these three features stand out because they ensure robust and efficient network security. "Comprehensive monitoring covers all network traffic, detecting intrusions at any point," he says. Behavioral detection, meanwhile, uses machine learning to identify sophisticated threats beyond traditional methods. "Compatibility with both on-premises and cloud networks offers flexibility and scalability. Incident management aggregates alerts and automates responses, speeding up threat investigation and mitigation."

Limitations

NDR's practical limitation lies in its focus on the network layer, Orr says. Enterprises that have invested in NDR also need to address detection and response for multiple security layers, ranging from cloud workloads to endpoints and from servers to networks. "This integrated approach to cybersecurity is commonly referred to as Extended Detection and Response (XDR), or Managed Detection and Response (MDR) when provided by a managed service provider," he explains.

Continue Reading This Article on Network Computing

Read more about:

Network Computing

About the Author

Network Computing

Network Computing

Network Computing, a sister site to ITPro Today, provides community members with in-depth analysis on new and emerging infrastructure technologies, real-world advice on implementation and operations, and practical strategies for improving their skills and advancing their careers. Its community is a trusted resource for IT architects and engineers who must understand business requirements as well as build and manage the infrastructures to meet those needs.

See more from Network Computing
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

drawings of people with different colored brains
IT Management
Embracing Neurodiversity in IT Workplace to Bridge Talent GapsEmbracing Neurodiversity in IT Workplace to Bridge Talent Gaps
byNathan Eddy
Sep 2, 2024
6 Min Read
circuit board inside a cloud
Cloud Computing
Microclouds: The Next Big Thing in Cloud Computing or Just Another Edge Strategy?Microclouds: The Next Big Thing in Cloud Computing or Just Another Edge Strategy?
byChristopher Tozzi
Sep 5, 2024
4 Min Read
a laptop infected with a virus and above it the words linux ransomware
Linux OS
Linux Ransomware Threats: How Attackers Target Linux SystemsLinux Ransomware Threats: How Attackers Target Linux Systems
byGrant Knoetze
Sep 4, 2024
8 Min Read
Exclusive ITPro Resources
See all ITPro Resources

Featured How Tos

A cartoon of a person sitting at a computer, with speech bubbles—one from the person saying Hello and one from the computer responding with Hello
PowerShell
PowerShell Speech Recognition: How To Set up Voice Commands and ResponsesPowerShell Speech Recognition: Set up Voice Commands and Responses
Migrating From VMware Guide cover
VMWare
Migrating From VMware: Guide to a Successful TransitionMigrating From VMware: Guide to a Successful Transition
a wall and fire with the words linux uncomplicated firewall (ufw) tutorial, configure and manage
Linux OS
Linux UFW (Uncomplicated Firewall) Configuration Made EasyLinux UFW (Uncomplicated Firewall) Configuration Made Easy
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up
Trending

Recent What Is

a laptop infected with a virus and above it the words linux ransomware
Linux OS
Linux Ransomware Threats: How Attackers Target Linux SystemsLinux Ransomware Threats: How Attackers Target Linux Systems
data privacy quiz sample question above a desk
Data Privacy
Data Privacy Quiz: 20 Questions To Test Your KnowledgeData Privacy Quiz: 20 Questions To Test Your Knowledge