NDR is a new approach to network-based threat detection and response that supports rapid investigation, internal visibility, intelligent response and enhanced threat detection across on-premises, cloud, and hybrid environments. Unlike log-based approaches like SIEM or agent-based tools like EDR, NDR works from network data, which cannot be deleted or tampered with. In fact, the network provides an unrivalled “ground truth” for IT teams in that it’s almost impossible for attackers to avoid certain key activities, which NDR can spot.
Visibility is further enhanced by capabilities designed to peer into encrypted traffic flows. And cloud-powered machine learning can be used to baseline the “normal” behaviors of entities on the network and contextually identify anything suspicious—a huge improvement over legacy rules and signature-based detection.
Although NDR isn’t a core component of zero trust, it can help to accelerate adoption by enhancing the IT visibility organizations need to get going and by supporting enhanced collaboration between traditionally siloed teams.
In short, it offers:
360-degree visibility into hybrid networks, cloud transactions, and device types: automatic discovery of every asset on the network and profiling of every managed and unmanaged device, including IoT endpoints.
Real-time detection of threats and performance anomalies: using high-fidelity advanced machine learning and behavioral analysis. It also continually monitors and safeguards network traffic, including SSL/TLS encrypted traffic, at up to 100 Gbps, to validate policy enforcement.
Intelligent, integrated threat response across the zero trust environment: including accelerated investigation workflows from a customized dashboard. Integration with third-party solutions (EDR, SIEM, etc.) enhances both automated responses and manual investigation and remediation.
Improved analyst productivity and IT collaboration: a single integrated workflow for SecOps, network operations, cloud, and DevSecOps teams helps to streamline operations. Automated response and workflows save analysts time and empower operational staff to work on high-value investigations.