Network detection and response (NDR) solutions are designed to detect cyber threats on corporate networks using machine learning and data analytics. These tools build models of normal behavior by continuously analyzing network north/south traffic that crosses the enterprise perimeter as well as east/west lateral traffic, and then use these models to identify anomalous or suspicious traffic patterns.
NDR solutions should also incorporate incident response functionality beyond raising alerts. This could include automatically updating firewall rules to block suspicious traffic or providing functionality that aids with incident investigation and threat hunting.
Most cyberattacks occur over the network, which is both good and bad for defenders. On the one hand, attacks over the network can be detected and mitigated by network-level defenses. On the other, the complexity and scale of the average organization’s network and the growing sophistication of cyber threat actors can make it difficult to pick out attacks from legitimate traffic.
Deep network visibility and advanced threat prevention and detection capabilities are essential to protect the enterprise against cyber threats. Traditional, signature-based detection methods are often ineffective against modern threats, leaving the organization with a false sense of security. NDR security solutions provide an additional layer of network-level security and threat prevention capabilities that organizations require.
NDR solutions should be able to monitor both north-south and east-west traffic flows with strategically placed sensors. This provides deep network visibility which supports an NDR solution’s other features, including:
Traditional network security solutions are often detection-focused and use signature-based detection capabilities. Both of these are liabilities when protecting the enterprise against modern cyber threats.
A focus on detection means that a security solution attempts to identify a potential threat and then relies on a security analyst to perform incident response based on a generated alert. This means that incident response only occurs after the attack is successful, and swift-moving and automated cyberattacks may have already achieved their objective before an alert is seen and a response is launched. An NDR security solution should integrate automated response capabilities that enable it to prevent an attack before any damage is done rather than responding after the fact.
The signature-based detection schemes used in many legacy security solutions, such as traditional antivirus and intrusion detection systems (IDSs), are no longer effective at detecting modern threats. Cybercriminals commonly use malware designed to differ from one campaign to another, meaning that signatures are outdated as soon as they are generated. An NDR solution uses advanced detection capabilities based on machine learning and data analytics to identify and respond to even novel cyber threats, for which signatures do not yet exist.
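To make the behavioral approach described above concrete, here is a small added example (not from this article or Check Point's product) that learns a per-direction baseline from constructed flow records, flags deviations without any signature, and emits a block rule as the automated response. The internal address range, the flow tuple layout and the ACL syntax are assumptions for the illustration.

```python
import ipaddress
from collections import defaultdict
# Assumed (hypothetical) enterprise address space used to classify flow direction.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

def direction(flow):
    """Return 'east-west' if both endpoints are internal, else 'north-south'."""
    src, dst, _port, _nbytes = flow
    inside = [ipaddress.ip_address(a) in INTERNAL for a in (src, dst)]
    return "east-west" if all(inside) else "north-south"

class Baseline:
    """Learn the largest byte volume seen per (direction, dst port) from benign traffic."""
    def __init__(self, flows):
        self.max_bytes = defaultdict(int)
        for f in flows:
            key = (direction(f), f[2])
            self.max_bytes[key] = max(self.max_bytes[key], f[3])

    def check(self, flow, factor=3):
        """Return a reason string if the flow deviates from the baseline, else None."""
        key = (direction(flow), flow[2])
        if key not in self.max_bytes:
            return f"unseen {key[0]} service on port {flow[2]}"
        if flow[3] > factor * self.max_bytes[key]:
            return f"{key[0]} volume {flow[3]}B exceeds {factor}x baseline"
        return None

def block_rule(flow):
    """Automated response: a firewall rule (generic ACL syntax) blocking the flow."""
    src, dst, port, _ = flow
    return f"deny ip host {src} host {dst} eq {port}"

def detect(baseline, flows):
    """Return (flow, reason, rule) for every flow that the baseline flags."""
    return [(f, r, block_rule(f)) for f in flows if (r := baseline.check(f))]

# Constructed sample flows: (src, dst, dst_port, bytes). Not real telemetry.
TRAINING = [
    ("10.0.1.5", "10.0.2.10", 445, 4000),
    ("10.0.1.6", "10.0.2.10", 445, 6000),
    ("10.0.1.5", "203.0.113.7", 443, 20000),
    ("10.0.1.7", "203.0.113.7", 443, 50000),
]
OBSERVED = [
    ("10.0.1.5", "10.0.2.10", 445, 5000),       # within baseline
    ("10.0.1.9", "10.0.2.11", 3389, 3000),      # lateral RDP never seen before
    ("10.0.1.5", "203.0.113.9", 443, 900000),   # 18x the largest outbound HTTPS flow
]
ALERTS = detect(Baseline(TRAINING), OBSERVED)
```

A production NDR model would use far richer features and statistics than a per-port maximum, but the shape is the same: learn from observed traffic, alert on deviation, and feed the response back to an enforcement point.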
The need for network-level security solutions isn’t going away. The network is the most convenient means for launching cyberattacks, and cyber threat actors are constantly innovating to develop techniques that slip past enterprise network security solutions. Companies need advanced network security solutions, such as NDR, to help to prevent and detect these novel threats.
Additionally, as organizations move to the cloud, they need cloud security solutions that can protect their cloud-based environments. To learn more about securing your cloud environment, check out this Buyer’s Guide to Cloud Network Security. Check Point also offers a Cloud Security Blueprint and CloudGuard Architecture Reference Guide to help with designing your cloud security architecture.
Check Point’s NDR solution for private and public clouds as well as on-premises networks (currently in Early Availability) provides deep network visibility, threat intelligence and threat hunting capabilities to discover threats that may have evaded other security solutions. With Check Point NDR, an organization can protect its data, assets and workloads against the latest cyber threats. To learn more about Check Point NDR and its capabilities, check out this video.