Complete protection for companies | TechBuzz


Some consider Network Detection & Response (NDR) to be the missing link in the chain of protection – others see it as an (almost) superfluous technique.

In principle, all the well-known endpoint suites offer some form of detection and response. But fully detecting an attacker takes more technical capability than a standard endpoint protection platform (EPP) provides. That is how endpoint detection and response (EDR) emerged a few years ago and was quickly adopted by many vendors. Experts then considered the endpoint well protected, but still saw blind spots on the network and on servers. That was the birth of Network Detection & Response, NDR for short. Such solutions combine non-signature-based analytics techniques, machine learning among them, to detect suspicious network activity. To do this, they continuously analyze the traffic itself, the individual data flows and the overall network load. Armed with this information, security teams can respond to anomalous or malicious traffic and to threats that other security tools may miss.

NDR continues to spread

As soon as NDR technology appeared, voices were raised claiming that the existing security solutions had no gaps on the network and could already find and ward off attackers at every level. Nevertheless, the market for NDR solutions has grown significantly. Big players offering such products include Darktrace, Vectra, Cisco and ExtraHop. According to IDC's "Market Share" report, these four held a combined 40 percent share at the end of 2019 of a market worth 1.3 billion dollars in sales. That is quite a lot for a solution that some consider superfluous. However, IDC also counts the established SIEM providers (Security Information and Event Management) in this market, because SIEM pursues a similar goal to NDR: by analyzing log data, it evaluates whether there are anomalies in the network. The disadvantage of SIEM is that it takes a relatively long time to learn, since it first has to understand which movements of a user in the network are legitimate and which are not.

Gartner's "Market Guide for Network Detection and Response" from June 2020 also records that the NDR market is growing steadily. Almost 20 market-relevant providers are already named there, not counting SIEM providers. FireEye, for example, is primarily known as a provider of endpoint security solutions.

Trend Micro Network One: With this solution, companies receive XDR alerts from all parts of the network via the Vision One dashboard.
(Source: com! professional)


In addition, more and more classic providers are adopting NDR technology. Sophos bought Braintrace and its NDR technology in mid-2021 and integrated it into existing Sophos solutions. Some time ago, Trend Micro also anchored XDR technology in its umbrella product Network One, which combines all of its detection and response technologies, including NDR.

The development of NDR and the reactions of the established providers show that Network Detection & Response is a useful technology. Like EDR, it should gradually become an integral part of every large enterprise security solution. The last vendors will follow suit at the latest when larger comparative tests show that NDR finds the few percent of attackers that other tools miss.

The technology behind NDR

NDR technology is meant to do nothing more than check all unusual actions in a network for plausibility. The product can do this itself or forward the relevant information to a security solution or a security team. But not all "networks" are the same: while some providers mean only the company's own network and monitor all services in it, IoT devices included, others also cover the cloud, software as a service (SaaS) and external mail services, for example by monitoring Microsoft 365.


There are also differences in how NDR solutions respond to detected anomalies. Some products have only a single data sensor in the network that collects all the information and either evaluates it in real time, where possible, or hands it over as a package for further analysis elsewhere. Some NDR solutions, ForeNova for example, forward the result of the analysis and the most important supporting data to an existing security solution, which then automatically takes further measures. Other NDR solutions go so far as to trigger protective measures themselves. To do this, of course, they have to be integrated into a larger solution or be an integral part of one, as is the case with Sophos or Trend Micro.
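To make two of the points above concrete, the non-signature anomaly analysis described at the start and the sensor-collects-then-forwards pipeline just described, here is an added Python example. It is not part of the original article and not any vendor's code. It learns a per-host baseline from constructed flow records, scores new flows against that baseline, and serializes each finding as a JSON event of the kind an NDR sensor would hand to an existing EDR or SIEM. Host names, IP addresses, byte counts, the thresholds and the event field names are all assumptions made for the example.

```python
"""Toy NDR-style detector over constructed flow records.

The baseline-then-deviate logic stands in for the non-signature analytics
an NDR product applies to traffic; the JSON hand-off stands in for the
forwarding of a verdict to an existing EDR or SIEM. Every host, address,
byte count, threshold and field name here is constructed for illustration.
"""
import json
from collections import defaultdict
from statistics import mean, pstdev

MIN_SAMPLES = 5    # a host with fewer learning-period flows has no trusted baseline yet
Z_THRESHOLD = 3.0  # outbound volume more than 3 standard deviations above the mean is flagged

# Constructed learning-period traffic. Tuple fields: (src_host, dst_ip, dst_port, bytes_out).
BASELINE_FLOWS = [
    ("ws-17", "10.0.0.5", 445, 100_000),
    ("ws-17", "10.0.0.5", 445, 120_000),
    ("ws-17", "93.184.216.34", 443, 110_000),
    ("ws-17", "93.184.216.34", 443, 130_000),
    ("ws-17", "10.0.0.80", 80, 90_000),
    ("ws-17", "10.0.0.5", 445, 105_000),
    ("ws-17", "93.184.216.34", 443, 125_000),
    ("ws-17", "10.0.0.80", 80, 115_000),
    ("db-02", "10.0.0.20", 5432, 2_000_000),
    ("db-02", "10.0.0.20", 5432, 2_100_000),
    ("db-02", "10.0.0.20", 5432, 1_900_000),
    ("db-02", "10.0.0.20", 5432, 2_050_000),
    ("db-02", "10.0.0.20", 5432, 1_950_000),
    ("db-02", "10.0.0.20", 5432, 2_000_000),
]

# Constructed monitored-period flows: benign ones for both hosts, one volume spike,
# one never-before-seen destination port (RDP), and one host with no baseline at all.
NEW_FLOWS = [
    ("ws-17", "10.0.0.5", 445, 118_000),
    ("ws-17", "203.0.113.9", 443, 4_800_000),
    ("ws-17", "10.0.0.7", 3389, 90_000),
    ("db-02", "10.0.0.20", 5432, 2_050_000),
    ("printer-3", "198.51.100.4", 443, 20_000),
]


def build_baseline(flows):
    """Learn, per source host, the outbound byte distribution and the set of destination ports."""
    per_host = defaultdict(lambda: {"bytes": [], "ports": set()})
    for host, _dst, port, nbytes in flows:
        per_host[host]["bytes"].append(nbytes)
        per_host[host]["ports"].add(port)
    return {
        host: {
            "n": len(obs["bytes"]),
            "mean": mean(obs["bytes"]),
            # floor of 1 byte avoids a zero divisor when a host's traffic is perfectly constant
            "stdev": max(pstdev(obs["bytes"]), 1.0),
            "ports": frozenset(obs["ports"]),
        }
        for host, obs in per_host.items()
    }


def score_flow(flow, baseline):
    """Return the list of anomaly reasons for one flow; an empty list means 'looks normal'."""
    host, _dst, port, nbytes = flow
    profile = baseline.get(host)
    if profile is None or profile["n"] < MIN_SAMPLES:
        # the learning-period problem: no verdict is possible for a host we have not profiled
        return ["insufficient_baseline"]
    reasons = []
    z = (nbytes - profile["mean"]) / profile["stdev"]
    if z > Z_THRESHOLD:
        reasons.append("volume_spike")
    if port not in profile["ports"]:
        reasons.append("new_dst_port")
    return reasons


def detect(flows, baseline):
    """Evaluate every flow and build a structured alert for each one that is not clearly normal."""
    alerts = []
    for flow in flows:
        reasons = score_flow(flow, baseline)
        if not reasons:
            continue
        host, dst, port, nbytes = flow
        if "volume_spike" in reasons:
            severity = "high"
        elif reasons == ["insufficient_baseline"]:
            severity = "low"
        else:
            severity = "medium"
        alerts.append({"host": host, "dst_ip": dst, "dst_port": port,
                       "bytes_out": nbytes, "reasons": reasons, "severity": severity})
    return alerts


def to_siem_event(alert):
    """Serialize one alert as a single JSON line, the shape a downstream SIEM/EDR connector ingests."""
    return json.dumps({"source": "ndr-sensor-1", **alert}, sort_keys=True)


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for alert in detect(NEW_FLOWS, baseline):
        print(to_siem_event(alert))
```

Run stand-alone, the script prints three JSON lines: the 4.8 MB transfer to 203.0.113.9 as a high-severity volume spike, the first-ever RDP connection from ws-17 as a medium-severity new destination port, and a low-severity "insufficient_baseline" event for printer-3. The last case is the same learning-period issue the article raises for SIEM: until a host has been observed long enough, an anomaly-based tool can only say that it does not know, which is why such a verdict is best forwarded to an analyst or to an EDR that has host-side context rather than acted on automatically.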

The NDR providers stress that they do not want to displace existing solutions but to extend the defense. Many, ExtraHop among them, also recommend in their white papers running endpoint protection platforms, EDR and SIEM in parallel with NDR. They even offer interfaces for evaluating and using data from other security tools.
