ExtraHop, the specialist in cloud-native network detection and response, has published The Role of NDR in Your Security Strategy, a new whitepaper detailing a technology blueprint for effective network detection and response (NDR) to help organisations improve their security posture.
The report shares five key capabilities that are said to help CISOs and IT security leaders derive greater value from their security strategy.
According to ExtraHop, today more and more organisations are looking to NDR to strengthen their security posture and overcome a range of visibility and resource challenges associated with traditional endpoint detection and response (EDR) and security information and event management (SIEM) solutions.
The Gartner Market Guide for Network Detection & Response, December 2022, finds, “The network detection and response (NDR) market continues to grow steadily at 22.5%, per the latest Gartner security forecast, despite increased competition from other platforms.”
As the market becomes more crowded, the whitepaper aims to provide IT and security teams with a greater understanding of what NDR is, how it works, and what makes for a successful implementation, so organisations can extract immediate and lasting value.
According to ExtraHop, readers will walk away with a greater understanding of the technical capabilities required for an NDR strategy to confidently move forward in their cybersecurity journey.
The five key capabilities include:
- Cloud-scale machine learning: Utilise cloud-scale machine learning to ensure all environments are secure, without slowing business down.
- Continuous and on-demand packet capture (PCAP): Look for solutions that offer both continuous and on-demand PCAP.
- Internal traffic decryption: Ensure you have the ability to decrypt internal traffic across a range of protocols to detect attackers earlier in the attack cycle.
- Clear intuitive workflows: Streamline investigations with clear, intuitive, and automated workflows to more easily understand the data.
- Automated asset discovery: Automate managed and unmanaged asset discovery to discover new devices as soon as they communicate.
Jesse Rothstein, Co-founder and CTO, ExtraHop, says, “As attackers’ techniques mature, organisations have realised they cannot rely solely on logs or endpoints for early threat detection – the network is where they’ll get the clearest picture of what is going on. However, with the NDR market widening, there’s been a muddying of the waters with different claims and value propositions.
“When moving forward with NDR, it is important that organisations look carefully at the technical components within their solutions to ensure they will have a clear view of the attack surface, so they can more quickly detect, investigate, and respond to threats across cloud, on-premises, and hybrid environments.”
In a recent blog post published by ExtraHop, Paul Ditty, Marketing Content Writer, writes, “What do you do when attackers can disable or otherwise circumvent the advanced security technologies your organization has been relying on to detect and prevent attacks?
“That’s a question facing many organisations using endpoint detection and response (EDR), security information and event management (SIEM), next-generation anti-virus (NGAV) and other tools, as threat actors employ malware designed to shut down endpoint agents or destroy logs. This question has led leading security organizations to turn to network detection and response (NDR).”
Ditty continues, “NDR solutions continually ingest, monitor and analyze network traffic and data to identify advanced cyber threats that have been designed to evade other security tools. The network is the highest fidelity data source for early threat detection because it can’t be compromised by attackers. Moreover, the network is where intruders land, expand their reach, establish command and control communications, move laterally and more.”