A key component of network security, Network Detection & Response (NDR) comprises a varying set of complementary network security technologies that together seek to automatically monitor, detect, analyze, and respond to sophisticated cyber threats.
Often including network traffic analysis, IDS/IPS, and advanced threat analysis, NDR solutions give security teams real-time visibility and awareness over network traffic and the ability to respond quickly to perceived threats.
With the growth of distributed networks, signature-based security tools such as IDS/IPS are no longer enough to ensure enterprise security. In addition to signature-based detection, security teams have recognized the need for broader analysis tools to detect and counter system-wide threats that target the network itself and have no known signature. NDR solutions harness advanced behavioral analytics, machine learning, and AI to provide an additional layer of protection across on-premises and cloud environments.
The most advanced NDR solutions offer myriad benefits:
- Pervasive Threat Visibility: Security teams can see threats — from intrusions to lateral movements — across the network, both on-premises and in the cloud.
- Lower False Positives: Organizations can reduce the number of false positives and free security teams to focus on stopping actual intrusions.
- Prevent or Halt Intrusions Faster: NDR uses AI and machine learning to operate in real time and to detect and stop threats at wire speed.
- Complete Attack Visualization: With a complete intrusion blueprint and a detailed threat timeline across the network, security teams can quickly understand the scope of an attack and prioritize resources.
Among the leaders in NDR, VMware NSX Network Detection and Response provides a tightly integrated set of network detection and response capabilities for east-west security within the data center and multi-cloud environments. The VMware NDR solution has the broadest set of detection capabilities — spanning a fully distributed IDS/IPS, behavior-based network traffic analysis, and a full-system emulation-based network sandbox.
NDR continuously ingests and correlates large volumes of network traffic and security events across multiple assets and hops. Collecting data from the network perimeter (to cover north-south traffic) and from sensors within the network (to cover east-west traffic), NDR solutions leverage AI and machine learning to develop a baseline understanding of normal network traffic flows — and therefore also an ability to detect malicious activity which does not follow normal patterns.
AI-powered NDR tools continuously learn and adapt to provide automatic detection of sophisticated, ever-evolving threats.
If an attack is detected, NDR solutions can deliver an end-to-end forensic analysis of the attack timeline, from initial infiltration to lateral movements within the network, and can automatically trigger prevention and mitigation workflows.
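The two paragraphs above describe the core NDR loop: learn a baseline of normal flows, flag flows that deviate from it (with east-west and north-south traffic distinguished), and assemble the resulting alerts into a timeline of the intrusion. The following is an added illustration of that loop in Python; it is not VMware's or any vendor's code, and every flow record, address, byte count and threshold in it is constructed for the example. It assumes flow records carry a timestamp, source, destination, destination port and byte count, and that the 10/8 address block is "inside" the perimeter.

```python
# Added example (not VMware's or any vendor's code): a toy NDR pipeline that
# learns a traffic baseline from flow records, flags flows that deviate from it,
# and reconstructs an attack path from the resulting alerts. All flow records,
# addresses and byte counts below are constructed for illustration.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import List

@dataclass(frozen=True)
class Flow:
    ts: int      # seconds since an arbitrary epoch (constructed)
    src: str
    dst: str
    dport: int
    nbytes: int

@dataclass
class Alert:
    flow: Flow
    reasons: List[str]
    direction: str  # "north-south" (crosses the perimeter) or "east-west" (internal only)

INTERNAL_PREFIX = "10."   # assumption: the 10/8 block is the inside of the network

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def direction(f: Flow) -> str:
    return "east-west" if is_internal(f.src) and is_internal(f.dst) else "north-south"

def build_baseline(flows):
    """Learn, per (source, destination port), the normal peers and the usual byte volume."""
    peers = defaultdict(set)
    volumes = defaultdict(list)
    for f in flows:
        peers[(f.src, f.dport)].add(f.dst)
        volumes[(f.src, f.dport)].append(f.nbytes)
    stats = {k: (mean(v), pstdev(v)) for k, v in volumes.items()}
    return {"peers": dict(peers), "stats": stats}

def score_flow(baseline, f: Flow, z_threshold: float = 3.0) -> List[str]:
    """Return the reasons a flow deviates from the baseline; an empty list means 'normal'."""
    reasons = []
    key = (f.src, f.dport)
    known_peers = baseline["peers"].get(key)
    if known_peers is None:
        reasons.append("new-service")   # this source never used this port before
    elif f.dst not in known_peers:
        reasons.append("new-peer")      # known port, but a destination never seen before
    if key in baseline["stats"]:
        mu, sigma = baseline["stats"][key]
        # Floor sigma at 10% of the mean so a near-constant baseline does not turn
        # every small fluctuation into a spike (and so we never divide by zero).
        sigma = max(sigma, 0.1 * mu)
        if (f.nbytes - mu) / sigma > z_threshold:
            reasons.append("volume-spike")
    return reasons

def detect(baseline_flows, live_flows) -> List[Alert]:
    """Score every live flow against the learned baseline; keep only the deviating ones."""
    baseline = build_baseline(baseline_flows)
    alerts = [Alert(f, score_flow(baseline, f), direction(f)) for f in live_flows]
    return sorted([a for a in alerts if a.reasons], key=lambda a: a.flow.ts)

def attack_path(alerts: List[Alert]) -> List[str]:
    """Chain alerts into a host path: start at the earliest perimeter-crossing alert,
    then repeatedly follow a later alert whose source is the previous destination."""
    entry = next((a for a in alerts if a.direction == "north-south"), None)
    if entry is None:
        return []
    path = [entry.flow.src, entry.flow.dst]
    current = entry
    while True:
        nxt = next((a for a in alerts
                    if a.flow.ts > current.flow.ts and a.flow.src == current.flow.dst), None)
        if nxt is None:
            return path
        path.append(nxt.flow.dst)
        current = nxt

# Constructed learning window: an internet client using the public web server, a
# workstation using the file server over SMB, and the file server querying a database.
BASELINE_FLOWS = [
    Flow(10, "198.51.100.3", "10.0.2.5", 443, 4000),
    Flow(20, "198.51.100.3", "10.0.2.5", 443, 4200),
    Flow(30, "198.51.100.3", "10.0.2.5", 443, 3800),
    Flow(40, "198.51.100.3", "10.0.2.5", 443, 4000),
    Flow(15, "10.0.1.20", "10.0.2.9", 445, 20000),
    Flow(25, "10.0.1.20", "10.0.2.9", 445, 21000),
    Flow(35, "10.0.1.20", "10.0.2.9", 445, 19000),
    Flow(18, "10.0.2.9", "10.0.2.10", 1433, 1500),
    Flow(28, "10.0.2.9", "10.0.2.10", 1433, 1500),
    Flow(38, "10.0.2.9", "10.0.2.10", 1433, 1500),
]

# Constructed live window: an oversized request to the web server, after which the web
# server and then the file server start using SMB toward hosts they never did before,
# interleaved with two flows that match the baseline and should stay quiet.
LIVE_FLOWS = [
    Flow(100, "198.51.100.3", "10.0.2.5", 443, 9000),
    Flow(160, "10.0.2.5", "10.0.2.9", 445, 3000),
    Flow(220, "10.0.2.9", "10.0.2.10", 1433, 1500),
    Flow(280, "10.0.2.9", "10.0.1.20", 445, 500),
    Flow(300, "10.0.1.20", "10.0.2.9", 445, 20500),
]

if __name__ == "__main__":
    found = detect(BASELINE_FLOWS, LIVE_FLOWS)
    for a in found:
        print(f"t={a.flow.ts:4d} {a.direction:11s} {a.flow.src} -> {a.flow.dst}:{a.flow.dport} {a.reasons}")
    print("attack path:", " -> ".join(attack_path(found)))
```

Running it yields three alerts (the volume spike at the perimeter, then two east-west "new-service" flows) and the path 198.51.100.3 -> 10.0.2.5 -> 10.0.2.9 -> 10.0.1.20, while the two baseline-conforming flows produce nothing. The interesting design point is the last step: an alert that, on its own, would be a low-priority oddity becomes significant once it is correlated across hops with the earlier perimeter event, which is what the "attack timeline" view of an NDR product is built from. A real system would learn the baseline over a much longer window and add many more features, but the shape of the logic is the same.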
Organizations generally make an overall decision on whether they prefer:
- A managed NDR solution, in which a third-party vendor delivers the protection as a service and provides a certain level of integration with other vendors’ products you may have deployed.
- An in-house NDR solution, in which you own and manage the system and integrate it with your other security technologies. This has been typical in the past but is becoming more of a burden as the threat landscape expands.
- An automated NDR solution, such as a SOAR offering, which is a more elaborate system that goes beyond NDR to provide comprehensive data gathering from multiple security technologies and automated incident response.