A key component of network security, Network Detection & Response (NDR) comprises a varying set of complementary network security technologies that together seek to automatically monitor, detect, analyze, and respond to sophisticated cyber threats.
Often including network traffic analysis, IDS/IPS, and advanced threat analysis, NDR solutions give security teams real-time visibility and awareness over network traffic and the ability to respond quickly to perceived threats.
With the growth of distributed networks, signature-based security tools such as IDS/IPS are no longer enough to ensure enterprise security. In addition to signature-based detection, security teams have recognized the need for broader analysis tools to detect and counter system-wide threats focused on the network itself which have no previous signature. NDR solutions harness advanced behavioral analytics, machine learning, and AI to provide an additional layer of protection across on-premises and cloud environments.
The most advanced NDR solutions offer myriad benefits:
Among the leaders in NDR, VMware NSX Network Detection and Response provides a tightly integrated set of network detection and response capabilities for east-west security within the data center and multi-cloud environments. The VMware NDR solution has the broadest set of detection capabilities — spanning a fully distributed IDS/IPS, behavior-based network traffic analysis, and a full-system emulation-based network sandbox.
NDR continuously ingests and correlates large volumes of network traffic and security events across multiple assets and hops. Collecting data from the network perimeter (to cover north-south traffic) and from sensors within the network (to cover east-west traffic), NDR solutions leverage AI and machine learning to develop a baseline understanding of normal network traffic flows — and therefore also an ability to detect malicious activity which does not follow normal patterns.
AI-powered NDR tools continuously learn and adapt to provide automatic detection of sophisticated, ever-evolving threats.
If an attack is detected, NDR solutions can deliver an end-to-end forensic analysis of the attack timeline, from initial infiltration to lateral movements within the network, and can automatically trigger prevention and mitigation workflows.
Organizations generally make an overall decision on whether they prefer: