Network Detection & Response

Network detection and response (NDR) is a field of cybersecurity that detects malicious activity through the analysis of network traffic. Like endpoint detection and response (EDR), NDR solutions do not prevent malicious activity. Instead, detection and response solutions aim to stop attack activity in progress before it can result in harm. NDR is distinct from EDR in that it does not use an agent to gain insight into malicious activity, relying instead on a network or virtual tap for analysis of traffic across on-premises and cloud workloads.

According to Gartner and IDC

NDR was the second-fasting growing segment of the security market in 2020, growing at a 25 percent compound annual growth rate (CAGR).

NDR solutions analyse network traffic to detect malicious activity inside the perimeter—otherwise known as the east-west corridor––and support intelligent threat detection, investigation, and response.

Using an out-of-band network mirror port or a virtual tap, NDR solutions passively capture network communications and apply advanced techniques, including behavioural analytics and machine learning, to identify both known and unknown attack patterns. This data can also be used to perform real-time investigation into post-compromise activity and to forensically investigate incidents. While not all NDR solutions decrypt network traffic, the most advanced solutions provide secure decryption capability to help identify threats hiding within encrypted traffic.

TALK TO AN EXPERT

DIFFICULT TO EVADE

So threats can’t hide

COVERT & AGENTLESS

Stay stealth

GROUND TRUTH

From core to edge to cloud

But what does this mean in practice? The business and IT benefits include:

  • Reduce exposure to risk and the financial and reputational damage associated with serious data breaches and ransomware-related
    outages
  • Empower under-pressure SOC teams with optimized threat detection and response
  • Enhance IT efficiency with a single workflow for threat detection,
    response and forensics
  • Close compliance gaps
  • Save money with a single, powerful detection and response tool that works across on-premises, cloud, and hybrid environments
  • Monitor threats to IoT devices which don’t have endpoint security
    installed
  • Support digital transformation projects with the confidence that they will be built on secure foundations

TALK TO AN EXPERT

Cofence
Cisco
mimecast
IBM
Logpoint
Qualys
cyberfish
ExtraHop
netskope
SentinelOne
Rapid7
zscaler
fortinet
thycotic
Crowdstrike
Securonix logo
ThreatX logo