Fraser Kyne from Arista Networks gives us the lowdown.
As part of Nomios 101, we spoke to Fraser Kyne from Arista Networks about the importance of NDR, especially in an age of increasingly complex networks.
What exactly is NDR?
Network detection and response, more commonly called NDR, is a network solution that uses a combination of machine learning and advanced AI to detect suspicious activity on your network. This enables your team to respond to abnormal or malicious activity that other security tools, like endpoint detection and response (EDR) working alone, might miss. As an NDR constantly monitors and analyses network traffic, it learns what is considered normal behaviour for your network. This allows it to recognise anomalies more easily.
NDR specifically looks at what is happening on the network, allowing it to take the massive amounts of data generated, pull out meaningful information, and search for contextual anomalies.
NDR not only detects abnormalities in network activity but also provides context through features such as the real-time inspection of network communications and network traffic analysis. This allows NDR to detect and investigate threats and anomalous behaviours across the whole of your network. NDR can understand the full extent and specifics of a security breach and then respond appropriately.
Each vendor’s NDR works slightly differently, but Arista’s, for example, is designed to mimic the human brain: it recognises malicious threats and learns over time, giving you greater visibility into the threats that exist and how to respond to them. It can deliver data packets in a more contextual way, letting you see the device and personnel information you need to understand the anomalous behaviour detected.
NDR: taking network security further
Fraser Kyne likens network security controls to a three-legged stool, with NDR, SIEM and EDR being the three legs. Without one, the stool will fall over, and so will your network. Each one has an important role to play in the security of your organisation’s network. Below is a brief description of the jobs they do. For a more in-depth rundown, click the links for individual information pages.
- Network Detection and Response (NDR) – gives you an overall view of the interactions of devices and network and detects anomalous behaviour.
- Endpoint Detection and Response (EDR) – monitors and collects activity data from endpoints and analyses this to identify threats.
- Security Information and Event Management (SIEM) – collects event log information from other systems and correlates this data between them.
Individually each has a great benefit, but together they create a strong network solution protecting your business from malicious cyber threats.
Networks have evolved to now include devices that can’t run EDR but are still prone to attack, like smart TVs, CCTV and IP phones. NDR was created to fill that security gap and allow greater visibility across your whole network.
Learn more about why NDR is an important pillar in your network security in our great video interview with Fraser.
Find out more
Here at Nomios, we believe NDR is an important step on your organisation’s cyber maturity curve. That’s why we’ve partnered with Arista and other trusted vendors to offer a range of NDR solutions designed to fit your business.