NDR - Platform Solution

Network Detection and Response Solutions

What is a network detection and response (NDR) solution?

Network detection and response (NDR) is an emerging area of cybersecurity that enables organizations to monitor network traffic for malicious actors and suspicious behavior, and to respond and counteract the detection of cyber threats to the network. The rise of NDR systems reflects the growing number of system-wide attacks by criminal actors, ranging from hackers to nation-states.

Gartner introduced the NDR solution category in 2020, renaming the former "network traffic analysis" designation. The category's evolution underscores the growing importance of response capabilities, which can include automated responses such as sending commands to a firewall to reject suspicious traffic, or manual responses such as threat hunting and incident response.

Monitoring network traffic is not a new practice. In the beginning, network metadata was collected to analyze network performance characteristics. Is our network running smoothly? But as data volumes skyrocketed, many organizations were unable to leverage network activity, making it an untapped resource for cyber defense.

Eventually, computing power caught up and enabled enterprises to gain insight into network traffic and behavioral analysis methods for cybersecurity - a technology initially called network traffic analysis (NTA). While NTA remains an integral part of enterprise security operations centers (SOCs), the market category has evolved to include network discovery and response. Enterprises increasingly value the response capabilities in NDR solutions to combat threats detected by network traffic analysis tools that focus primarily on threat detection and basic variations of known threats.

Today, increasingly sophisticated behavioral analytics, machine learning and artificial intelligence (AI) of cloud, virtual and on-premises networks form the backbone of NDR solutions. By leveraging these technologies, NDR vendors have enabled organizations to improve their detection capabilities, determine the trustworthiness and risk level of a threat, and increasingly automate manual tasks performed by analysts, such as collecting relevant contextual telemetry data from third-party vendors and applying standardized investigation playbooks to further prioritize threats by risk to strategically focus on triage and rapid response. By analyzing network behavior using machine learning models, advanced NDR tools can identify sophisticated evasion methods or "known unknown" cyber threats to brand new zero-day threats or "unknown unknowns".

Items 1 - 1 of 1