What To Look for in a Network Detection and Response (NDR) Product
As cyberattacks continue unabated, network detection and response products monitor traffic for suspicious activities. Here's a look at how an NDR tool can make your network more secure.
August 9, 2024
Applying behavioral analytics to network traffic, network detection and response (NDR) products continuously watch for abnormal system behavior and aim to catch it before it escalates into a full-blown attack. Typical NDR capabilities include detection, hunting, forensics, and response.
In an email interview, Jeff Orr, director of ISG Ventana Research, states that an NDR product should include the following basic attributes:
Visibility across the network layer to monitor and analyze network traffic.
Real-time threat detection and analysis.
Automated incident responses with the goal of improving mean-time-to-repair (MTTR) metrics.
Integration with threat intelligence repositories.
Incorporation of threats identified by SecOps industry experts and other threat hunting activities, which could include the use of AI technologies to identify novel threats.
Erez Tadmor, field CTO at security policy provider Tufin, offers the following additional attributes via email:
Behavioral detection using machine learning and advanced analytics to detect anomalies.
Compatibility that supports both physical and virtual sensors for on-premises and cloud networks.
Incident management that's capable of aggregating alerts into structured incidents and automating responses such as host containment and traffic blocking.
Tadmor notes that these three features stand out because they ensure robust and efficient network security. "Comprehensive monitoring covers all network traffic, detecting intrusions at any point," he says. Behavioral detection, meanwhile, uses machine learning to identify sophisticated threats beyond traditional methods. "Compatibility with both on-premises and cloud networks offers flexibility and scalability. Incident management aggregates alerts and automates responses, speeding up threat investigation and mitigation."
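To make the two lists above concrete, here is a small, added illustration of the pipeline they describe: per-host behavioral baselining over network metadata, real-time deviation detection, and aggregation of the resulting alerts into a structured incident with an automated response tier (host containment or traffic blocking). It is example code written for this article, not code from any NDR vendor or from the experts quoted. The flow records are constructed sample data, the z-score threshold of 3 standard deviations is an assumption, and the response tiers are hypothetical names chosen for illustration.

```python
"""
Toy behavioral-analytics pipeline of the kind an NDR product runs over
network metadata. Added example, not code from any NDR product or from the
article. All flow records below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed baseline window: (day, source host, bytes sent, distinct destinations)
BASELINE_FLOWS = [
    ("d1", "ws-17", 120_000, 6), ("d2", "ws-17", 135_000, 5),
    ("d3", "ws-17", 110_000, 7), ("d4", "ws-17", 128_000, 6),
    ("d1", "db-02", 900_000, 3), ("d2", "db-02", 880_000, 3),
    ("d3", "db-02", 910_000, 4), ("d4", "db-02", 895_000, 3),
]
# Constructed observation window: ws-17 suddenly sends far more data to many hosts.
TODAY_FLOWS = [
    ("d5", "ws-17", 2_400_000, 48),
    ("d5", "db-02", 905_000, 3),
]

Z_THRESHOLD = 3.0  # assumption: flag a metric more than 3 std-devs above its baseline

@dataclass
class Alert:
    host: str
    metric: str
    observed: float
    zscore: float

@dataclass
class Incident:
    host: str
    alerts: list = field(default_factory=list)
    recommended_response: str = "investigate"  # hypothetical default tier

def build_baseline(flows):
    """Per-host mean and population std-dev of each metric over the training window."""
    per_host = defaultdict(lambda: {"bytes": [], "dests": []})
    for _, host, nbytes, ndests in flows:
        per_host[host]["bytes"].append(nbytes)
        per_host[host]["dests"].append(ndests)
    return {host: {m: (mean(v), pstdev(v)) for m, v in metrics.items()}
            for host, metrics in per_host.items()}

def zscore(value, mu, sigma):
    # A flat baseline (sigma == 0) would make any change look infinite, so handle it explicitly.
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma

def detect(flows, baseline, threshold=Z_THRESHOLD):
    """Return one Alert per (host, metric) whose value deviates from its baseline."""
    alerts = []
    for _, host, nbytes, ndests in flows:
        if host not in baseline:
            # A host never seen in the baseline window is itself worth an alert.
            alerts.append(Alert(host, "unknown_host", 0, float("inf")))
            continue
        for metric, value in (("bytes", nbytes), ("dests", ndests)):
            mu, sigma = baseline[host][metric]
            z = zscore(value, mu, sigma)
            if z > threshold:
                alerts.append(Alert(host, metric, value, round(z, 1)))
    return alerts

def aggregate(alerts):
    """Group alerts by host into incidents and choose a response tier per incident."""
    incidents = {}
    for a in alerts:
        incidents.setdefault(a.host, Incident(a.host)).alerts.append(a)
    for inc in incidents.values():
        metrics = {a.metric for a in inc.alerts}
        # Volume and fan-out anomalies together on one host: escalate to containment.
        if {"bytes", "dests"} <= metrics:
            inc.recommended_response = "contain_host"
        elif "dests" in metrics:
            inc.recommended_response = "block_new_destinations"
    return list(incidents.values())

def run_pipeline(baseline_flows=BASELINE_FLOWS, today_flows=TODAY_FLOWS):
    """Baseline -> detect -> aggregate, returning the list of incidents."""
    return aggregate(detect(today_flows, build_baseline(baseline_flows)))

if __name__ == "__main__":
    for inc in run_pipeline():
        print(inc.host, inc.recommended_response,
              [(a.metric, a.observed, a.zscore) for a in inc.alerts])
```

Run as a script, the constructed data yields a single incident for ws-17 carrying both a bytes and a distinct-destinations alert, with the containment tier recommended; db-02 stays within its baseline and raises nothing. A production NDR product does the same thing over far richer features (protocol mix, timing, TLS fingerprints) and with learned rather than fixed thresholds, but the shape of the pipeline, baseline, deviation, aggregation, response, is the same one the lists above describe.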
Limitations
NDR's practical limitation lies in its focus on the network layer, Orr says. Enterprises that have invested in NDR also need to address detection and response for multiple security layers, ranging from cloud workloads to endpoints and from servers to networks. "This integrated approach to cybersecurity is commonly referred to as Extended Detection and Response (XDR), or Managed Detection and Response (MDR) when provided by a managed service provider," he explains.
Read more about: Network Computing