What is Network Detection and Response (NDR)?

Network detection and response (NDR) solutions are designed to detect cyber threats on corporate networks using artificial intelligence (AI), machine learning (ML), and data analytics. These tools build models of normal behavior by continuously analyzing network north/south traffic that crosses the enterprise perimeter as well as east/west lateral traffic, and then use these models to identify anomalous or suspicious traffic patterns.

NDR solutions should also incorporate incident response functionality beyond raising alerts. This could include automatically updating firewall rules to block suspicious traffic or providing functionality that aids with incident investigation and threat hunting.

The Need for an NDR Solution

Most cyberattacks occur over the network, which is both good and bad for defenders. On the one hand, attacks over the network can be detected and mitigated by network-level defenses. On the other, the complexity and scale of the average organization’s network and the growing sophistication of cyber threat actors can make it difficult to pick out attacks from legitimate traffic.

Deep network visibility and advanced threat prevention and detection capabilities are essential to protect the enterprise against cyber threats. Traditional, signature-based detection methods are often ineffective against modern threats, leaving the organization with a false sense of security. NDR security solutions provide an additional layer of network-level security and threat prevention capabilities that organizations require.

How Does NDR Work?

NDR solutions should be able to monitor both north-south and east-west traffic flows with strategically placed sensors. This provides deep network visibility which supports an NDR solution’s other features, including:

  • Cyber Incident Detection: NDR solutions move beyond signature-based detection to use artificial intelligence (AI), machine learning (ML), and data analytics to analyze network traffic. This enables them to detect patterns and identify anomalies in network traffic, allowing detection of suspicious or malicious traffic.
  • Investigation: NDR security solutions monitor network traffic and extract patterns that can point to anomalous or suspicious connections. This information is used to generate automated responses by the NDR solution and is provided to Security Operations Center (SOC) analysts to facilitate their incident investigation activities.
  • Intelligence Management: Network detection and response solutions may consume threat intelligence from inside and outside of the organization. This intelligence is used to help detect potential threats within network traffic and may be shared with other security solutions as part of a converged security architecture.
  • Feed Creation: A primary role of an NDR solution is to provide SOC analysts with insight into the current security posture and threats to their network. NDR will create a feed of security alerts indicating suspicious and potentially malicious network traffic.
  • Threat Prevention: In addition to alerting security analysts of potential threats, NDR solutions can also act automatically and proactively to prevent cyber attacks from succeeding. This can include working with firewalls and other security solutions to block suspicious or known-bad traffic from reaching its destination, disrupting the attack.
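The baseline-then-deviation idea behind the detection and feed items above, as an added example that is not code from any NDR product: flows are split into east-west and north-south, a per-host baseline is learned over training windows, and a later window is scored against it. A simple z-score stands in for the AI/ML models the page mentions; the internal prefixes, threshold, function names and sample flows are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: these prefixes stand in for the organization's internal address space.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def direction(src, dst):
    """east-west when both endpoints are internal, north-south otherwise."""
    return "east-west" if is_internal(src) and is_internal(dst) else "north-south"

def summarize(flows):
    """Collapse (window, src, dst, bytes) records into per-window features
    keyed by (src, direction): (distinct peers contacted, bytes sent)."""
    cells = defaultdict(lambda: defaultdict(lambda: [set(), 0]))
    for window, src, dst, nbytes in flows:
        cell = cells[(src, direction(src, dst))][window]
        cell[0].add(dst)
        cell[1] += nbytes
    return {k: [(len(p), b) for p, b in w.values()] for k, w in cells.items()}

def build_baseline(flows):
    """Mean and standard deviation of each feature over the training windows."""
    return {key: [(mean(col), pstdev(col)) for col in zip(*rows)]
            for key, rows in summarize(flows).items()}

def detect(model, flows, threshold=3.0):
    """Return (key, feature, z-score) alerts for windows that exceed the baseline."""
    alerts = []
    for key, rows in summarize(flows).items():
        if key not in model:  # host/direction never seen in training
            alerts.append((key, "no-baseline", None))
            continue
        for row in rows:
            for name, value, (mu, sigma) in zip(("peers", "bytes"), row, model[key]):
                # Floor sigma so a perfectly flat baseline does not divide by zero.
                z = (value - mu) / max(sigma, 0.1 * mu, 1.0)
                if z > threshold:
                    alerts.append((key, name, round(z, 1)))
    return alerts

# Constructed sample flows: (window, src, dst, bytes).
TRAIN = [(w, "10.0.1.5", d, 1000) for w in range(5) for d in ("10.0.2.10", "10.0.2.11")]
TRAIN += [(w, "10.0.1.5", "203.0.113.7", 500) for w in range(5)]
TEST = [(5, "10.0.1.5", f"10.0.3.{i}", 100) for i in range(1, 21)]  # internal fan-out
TEST += [(5, "10.0.1.5", "203.0.113.7", 500)]
if __name__ == "__main__":
    print(detect(build_baseline(TRAIN), TEST))
```

The test window keeps the host's byte volume at its usual level, so only the jump in distinct internal peers raises an alert; a perimeter-only sensor would not see this east-west change at all.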

How Does NDR Enhance Your Security?

Traditional network security solutions are often detection-focused and use signature-based detection capabilities. Both of these are liabilities when protecting the enterprise against modern cyber threats.

The signature-based detection schemes used in many legacy security solutions, such as traditional antivirus and intrusion detection systems (IDSs), are no longer effective at detecting modern threats. Cyber criminals commonly use malware designed to differ from one campaign to another, meaning that signatures are outdated as soon as they are generated. An NDR solution uses advanced AI detection capabilities to identify and respond to even novel cyber threats, for which signatures do not yet exist.

NDR provides visibility inside the enterprise network, allowing analysts to determine affected assets and to correlate their anomalous behavior, yielding indicators for the attackers’ tactics, techniques, and procedures. Indicators are used to disrupt and contain the attacks, and to guide damage assessment and recovery operations.

Check Point’s NDR Solution

The need for network-level security solutions isn’t going away. The network is the most convenient means for launching cyberattacks, and cyber threat actors are constantly innovating to develop techniques that slip past enterprise network security solutions. Companies need advanced network security solutions, such as NDR, to help prevent and detect these novel threats.

Additionally, as organizations move to the cloud, they need cloud security solutions that can protect their cloud-based environments. To learn more about securing your cloud environment, check out this Buyer’s Guide to Cloud Network Security.

Check Point’s Horizon NDR solution for private and public clouds as well as on-premises networks provides deep network visibility, threat intelligence and threat hunting capabilities to discover threats that may have evaded other security solutions. With Check Point NDR, an organization can protect its data, assets, and workloads against the latest cyber threats. To learn more about Check Point Horizon NDR and its capabilities, check out this video and read this complimentary copy of KuppingerCole Analysts Leadership Compass for Network Detection & Response (NDR).
