What is Network Detection and Response (NDR)?

Network detection and response (NDR) solutions are designed to detect cyber threats on corporate networks using machine learning and data analytics. These tools build models of normal behavior by continuously analyzing both north/south traffic that crosses the enterprise perimeter and east/west traffic that moves laterally between internal hosts, and then flag deviations from those models as anomalous or suspicious traffic patterns.

NDR solutions should also incorporate incident response functionality beyond raising alerts. This could include automatically updating firewall rules to block suspicious traffic or providing functionality that aids with incident investigation and threat hunting.

The Need for an NDR Solution

Most cyberattacks occur over the network, which is both good and bad for defenders. On the one hand, attacks over the network can be detected and mitigated by network-level defenses. On the other, the complexity and scale of the average organization’s network and the growing sophistication of cyber threat actors can make it difficult to pick out attacks from legitimate traffic.

Deep network visibility and advanced threat prevention and detection capabilities are essential to protect the enterprise against cyber threats. Traditional, signature-based detection methods are often ineffective against modern threats, leaving the organization with a false sense of security. NDR security solutions provide an additional layer of network-level security and threat prevention capabilities that organizations require.

How Does NDR Work?

NDR solutions should be able to monitor both north-south and east-west traffic flows with strategically placed sensors. This provides deep network visibility which supports an NDR solution’s other features, including:

  • Cyber Incident Detection: NDR solutions move beyond signature-based detection to use machine learning and data analytics to analyze network traffic. This enables them to detect patterns and identify anomalies in network traffic, allowing detection of suspicious or malicious traffic.
  • Investigation: NDR security solutions monitor network traffic and extract patterns that can point to anomalous or suspicious connections. This information is used to generate automated responses by the NDR solution and is provided to Security Operations Center (SOC) analysts to facilitate their incident investigation activities.
  • Intelligence Management: Network detection and response solutions may consume threat intelligence from inside and outside of the organization. This intelligence is used to help detect potential threats within network traffic and may be shared with other security solutions as part of a converged security architecture.
  • Feed Creation: A primary role of an NDR solution is to provide SOC analysts with insight into the current security posture and threats to their network. NDR will create a feed of security alerts indicating suspicious and potentially malicious network traffic.
  • Threat Prevention: In addition to alerting security analysts of potential threats, NDR solutions can also act automatically and proactively to prevent cyber attacks from succeeding. This can include working with firewalls and other security solutions to block suspicious or known-bad traffic from reaching its destination, disrupting the attack.
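The baseline-then-anomaly approach described above, shown as an added example that is not Check Point code and not part of the original page. It assumes a simple flow-record format (timestamp, source IP, destination IP, destination port, bytes sent) of the kind an NDR sensor would export, a 10.0.0.0/8 internal address range, and constructed sample flows in which one workstation suddenly fans out to internal hosts on port 445 (east/west) and pushes an unusually large volume to an external address (north/south):

```python
"""Baseline-and-anomaly detection over network flow records.

Added example with constructed data; not Check Point code. Assumed flow
format: (timestamp, src_ip, dst_ip, dst_port, bytes_out).
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the enterprise address space


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def build_baseline(flows):
    """Model of 'normal' per source host: the set of (dst, port) pairs it has
    talked to, and the per-flow egress byte counts of its north/south traffic."""
    peers = defaultdict(set)
    egress = defaultdict(list)
    for _ts, src, dst, dport, nbytes in flows:
        peers[src].add((dst, dport))
        if is_internal(src) and not is_internal(dst):
            egress[src].append(nbytes)
    return {"peers": peers, "egress": egress}


def detect(baseline, flows, fanout_threshold=5, sigma=3.0):
    """Score a new window of flows against the baseline and return findings:
    - lateral_fanout: a host reaches many internal (dst, port) pairs it never
      used during the baseline period (east/west anomaly)
    - egress_volume_anomaly: a north/south flow far above the host's
      historical byte volume (mean + sigma standard deviations)"""
    new_pairs = defaultdict(set)
    findings = []
    for _ts, src, dst, dport, nbytes in flows:
        known = baseline["peers"].get(src, set())
        if is_internal(dst) and (dst, dport) not in known:
            new_pairs[src].add((dst, dport))
        hist = baseline["egress"].get(src)
        if hist and not is_internal(dst):
            mu, sd = mean(hist), pstdev(hist)
            # floor the deviation at 1 byte so a flat baseline cannot make
            # every slightly larger flow an anomaly
            if nbytes > mu + sigma * max(sd, 1.0):
                findings.append((src, "egress_volume_anomaly", dst, nbytes))
    for src, pairs in new_pairs.items():
        if len(pairs) >= fanout_threshold:
            ports = sorted({p for _, p in pairs})
            findings.append((src, "lateral_fanout", len(pairs), ports))
    return findings


# Constructed baseline: a workstation talking to its domain controller,
# file server and one external web service over a learning period.
WS = "10.0.1.10"
BASELINE_FLOWS = [
    (100, WS, "10.0.0.5", 389, 1200),
    (160, WS, "10.0.0.5", 445, 8000),
    (220, WS, "10.0.0.20", 445, 15000),
    (300, WS, "93.184.216.34", 443, 2100),
    (360, WS, "93.184.216.34", 443, 2500),
    (420, WS, "93.184.216.34", 443, 1900),
    (480, WS, "93.184.216.34", 443, 3300),
    (540, WS, "93.184.216.34", 443, 2800),
]

# Constructed detection window: normal traffic plus an SMB sweep of a new
# subnet and a large upload to an address never seen before.
WINDOW_FLOWS = [
    (1000, WS, "10.0.0.5", 445, 7600),
    (1010, WS, "93.184.216.34", 443, 2400),
] + [
    (1020 + i, WS, f"10.0.2.{i}", 445, 900) for i in range(1, 9)
] + [
    (1100, WS, "198.51.100.7", 443, 50_000_000),
]


def run_example():
    return detect(build_baseline(BASELINE_FLOWS), WINDOW_FLOWS)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

The baseline here is deliberately minimal (peer sets and a byte-volume distribution). A production NDR adds many more features per host and service, ages the baseline so that legitimately new servers stop being flagged, and tunes thresholds such as `fanout_threshold` and `sigma` against the false-positive rate on the organization's own traffic.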

How Does NDR Enhance Your Security?

Traditional network security solutions are often detection-focused and use signature-based detection capabilities. Both of these are liabilities when protecting the enterprise against modern cyber threats.

A focus on detection means that a security solution attempts to identify a potential threat and then relies on a security analyst to perform incident response based on a generated alert. Response therefore begins only once an analyst has seen and triaged the alert, and swift-moving, automated cyberattacks may have already achieved their objective by then. An NDR security solution should integrate automated response capabilities, such as pushing a blocking rule to the firewall or isolating the offending host, so that an attack in progress is contained before the attacker reaches their objective rather than investigated after the fact.

The signature-based detection schemes used in many legacy security solutions, such as traditional antivirus and intrusion detection systems (IDSs), are no longer sufficient on their own for detecting modern threats. Cybercriminals commonly use malware that is rebuilt or re-encoded from one campaign to the next, so a signature written for one campaign often misses the next one even though the malware's behavior on the network is unchanged. An NDR solution uses advanced detection capabilities based on machine learning and data analytics to identify and respond to even novel cyber threats for which signatures do not yet exist. The trade-off is that behavioral detections are less precise than an exact signature, so they need to be tuned against the organization's own baseline to keep false positives manageable.
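To make the signature-versus-behavior contrast concrete, here is an added example that is not Check Point code and not part of the original page. It assumes a legacy IDS rule keyed on the exact HTTP User-Agent string of a first malware campaign, a second campaign that changed only that string, and constructed outbound session records (timestamp in seconds, request header bytes) from one host to one external address. The behavioral check looks at the regularity of connection timing (the coefficient of variation of inter-arrival gaps), a feature that survives the payload change:

```python
"""Fixed byte signature vs. a timing-based behavioral feature.

Added example with constructed traffic; not Check Point code.
"""
from statistics import mean, pstdev

# Assumption: the legacy IDS matches this exact header from campaign 1.
SIGNATURE = b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; BeaconKit/1.0)"


def signature_match(payload: bytes) -> bool:
    """Legacy-style check: the known-bad byte string must appear verbatim."""
    return SIGNATURE in payload


def beaconing_score(timestamps, min_connections=6):
    """Coefficient of variation (stdev / mean) of inter-arrival gaps.
    Values near 0 mean a machine-regular cadence typical of C2 beacons;
    human browsing is bursty and scores well above 1. None if too few samples."""
    if len(timestamps) < min_connections:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mu = mean(gaps)
    if mu == 0:
        return None
    return pstdev(gaps) / mu


def is_beaconing(timestamps, max_cv=0.15):
    score = beaconing_score(timestamps)
    return score is not None and score <= max_cv


def evaluate(sessions):
    """Run both detectors over a list of (timestamp, payload) sessions."""
    return {
        "signature_hit": any(signature_match(p) for _, p in sessions),
        "beaconing": is_beaconing([t for t, _ in sessions]),
    }


# Constructed campaign 1: the header the signature was written for, every 60 s.
CAMPAIGN_1 = [(60 * i, SIGNATURE + b"\r\nHost: cdn-update.example\r\n") for i in range(8)]

# Constructed campaign 2: same implant cadence (60 s with 1 s jitter),
# re-encoded with a benign-looking header so the signature never fires.
CAMPAIGN_2 = [
    (60 * i + (i % 2), b"User-Agent: curl/8.4.0\r\nX-Id: 7f3a\r\nHost: cdn-update.example\r\n")
    for i in range(8)
]

# Constructed human browsing: irregular bursts to the same site.
HUMAN_BROWSING = [
    (t, b"User-Agent: Mozilla/5.0 (Windows NT 10.0) Firefox/120.0\r\nHost: news.example\r\n")
    for t in (0, 7, 95, 130, 400, 412, 900)
]


if __name__ == "__main__":
    for name, sessions in [("campaign 1", CAMPAIGN_1), ("campaign 2", CAMPAIGN_2), ("browsing", HUMAN_BROWSING)]:
        print(name, evaluate(sessions))
```

Campaign 1 is caught by both checks; campaign 2 evades the signature but not the timing feature; the human session trips neither. Real implants add deliberate jitter to their sleep interval, so `max_cv` has to be set from observed data rather than by guesswork, and a single feature like this would be one input to a broader model, not a verdict on its own.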

Check Point’s NDR Solution

The need for network-level security solutions isn’t going away. The network is the most convenient means for launching cyberattacks, and cyber threat actors are constantly innovating to develop techniques that slip past enterprise network security solutions. Companies need advanced network security solutions, such as NDR, to help to prevent and detect these novel threats.

Additionally, as organizations move to the cloud, they need cloud security solutions that can protect their cloud-based environments. To learn more about securing your cloud environment, check out this Buyer’s Guide to Cloud Network Security. Check Point also offers a Cloud Security Blueprint and CloudGuard Architecture Reference Guide to help with designing your cloud security architecture.

Check Point’s NDR solution for private and public clouds as well as on-premises networks (currently in Early Availability) provides deep network visibility, threat intelligence and threat hunting capabilities to discover threats that may have evaded other security solutions. With Check Point NDR, an organization can protect its data, assets and workloads against the latest cyber threats. To learn more about Check Point NDR and its capabilities, check out this video.