What exactly is NDR?
Network detection and response, more commonly called NDR, is a network solution that uses a combination of machine learning and advanced AI to detect suspicious activity on your network. This enables your team to respond to abnormal or malicious activity that other security tools, like endpoint detection and response (EDR) working alone, might miss. As an NDR constantly monitors and analyses network traffic, it learns what is considered normal behaviour for your network. This allows it to recognise anomalies more easily.
Network detection
NDR specifically looks at what is happening on the network, allowing it to take the massive amounts of data generated, pull out meaningful information, and search for contextual anomalies.
NDR not only detects abnormalities in network activity but also provides context through features such as real-time inspection of network communications and network traffic analysis. This allows NDR to detect and investigate threats and anomalous behaviours across the whole of your network. NDR can understand the full extent and specifics of a security breach and then respond appropriately.
Each vendor’s NDR works slightly differently, but Arista’s, for example, is designed to mimic the human brain. Recognising malicious threats, and learning over time, gives you greater visibility into the threats that exist and how to respond to them. It can deliver data packets more contextually, letting you see the device and personnel information you need to understand the anomalous behaviour detected.
NDR: taking network security further
Fraser Kyne likens network security controls to a three-legged stool with NDR, SIEM and EDR being the three legs. Without one, the stool will fall over, and so will your network. Each one has an important role to play in the security of your organisation’s network. Below is a brief description of the jobs they do. For a more in-depth rundown click the links for individual information pages.
- Network Detection and Response (NDR) – gives you an overall view of the interactions between devices and the network and detects anomalous behaviour
- Endpoint Detection and Response (EDR) – monitors and collects activity data from endpoints and analyses this to identify threats
- Security Information and Event Management (SIEM) – collects event log information from other systems and correlates this data between them
Individually each has a great benefit, but together they create a strong network solution protecting your business from malicious cyber threats.
Networks have evolved to now include devices that can’t run EDR but are still prone to attack, like smart TVs, CCTV and IP phones. NDR was created to fill that security gap and allow greater visibility across your whole network.
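To make the baseline idea concrete for devices that cannot run an agent, the following added example (not Nomios's or any vendor's code) learns each device's usual peers and traffic volume from flow records, then flags deviations. It swaps in a simple statistical threshold for the machine learning described above; the flow records, device names and function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (device, destination, dst_port, bytes_sent); RFC 5737 addresses.
BASELINE_FLOWS = [
    ("cctv-01", "192.0.2.10", 554, 48_000),
    ("cctv-01", "192.0.2.10", 554, 52_000),
    ("cctv-01", "192.0.2.10", 554, 50_000),
    ("ipphone-07", "192.0.2.20", 5060, 1_200),
    ("ipphone-07", "192.0.2.20", 5060, 1_100),
    ("ipphone-07", "192.0.2.20", 5060, 1_300),
]
NEW_FLOWS = [
    ("cctv-01", "192.0.2.10", 554, 51_000),      # matches baseline
    ("cctv-01", "203.0.113.77", 443, 50_000),    # peer never seen before
    ("ipphone-07", "192.0.2.20", 5060, 90_000),  # known peer, unusual volume
]

def learn_baseline(flows):
    """Per device: the set of (destination, port) peers and byte-count statistics."""
    peers, sizes = defaultdict(set), defaultdict(list)
    for device, dst, port, nbytes in flows:
        peers[device].add((dst, port))
        sizes[device].append(nbytes)
    return {d: {"peers": peers[d], "mean": mean(sizes[d]), "stdev": pstdev(sizes[d])}
            for d in peers}

def detect(flows, baseline, k=3.0):
    """Return (flow, reasons) for each flow that deviates from its device's baseline."""
    alerts = []
    for flow in flows:
        device, dst, port, nbytes = flow
        profile = baseline.get(device)
        if profile is None:  # a device that appeared after the learning window
            alerts.append((flow, ["unknown device"]))
            continue
        reasons = []
        if (dst, port) not in profile["peers"]:
            reasons.append("new peer")
        # Floor the spread so a perfectly steady device does not alert on tiny changes.
        spread = max(profile["stdev"], 0.05 * profile["mean"])
        if abs(nbytes - profile["mean"]) > k * spread:
            reasons.append("unusual volume")
        if reasons:
            alerts.append((flow, reasons))
    return alerts

if __name__ == "__main__":
    print(*detect(NEW_FLOWS, learn_baseline(BASELINE_FLOWS)), sep="\n")
```

The camera's connection to an address it has never contacted and the phone's oversized transfer are both flagged without any software on either device.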
Learn more about why NDR is an important pillar in your network security in our great video interview with Fraser.
Find out more
At Nomios, we believe NDR is an important step on your organisation’s cyber maturity curve. That’s why we’ve partnered with Arista and other trusted vendors to offer a range of NDR solutions designed to fit your business.
If you’d like to know more about NDR or book a demo for your own network, get in touch with our expert team today.