What is Network Detection and Response (NDR)?


Network Detection and Response Defined

Network detection and response (NDR) solutions are advanced security products that use artificial intelligence (AI), such as machine learning, to detect and alert on potential cyberthreats within an organization's network. NDR tools help security operations and network security teams obtain full visibility and enhance network detection against a variety of threats, such as sophisticated evasion methods ("known unknown" cyberthreats) and brand new zero-day threats ("unknown unknown" cyberthreats).

According to Gartner®, NDR solutions deliver incident response workflow interfaces that inform end users with: 

    1. The high-level scope, severity, and probability of an unusual event being malicious
    2. Events that are composed of alerts, details, and forensics to validate the maliciousness of the event
    3. Recommendations on a course of action to remediate the incident.[1]

How Network Detection and Response Solutions Work

NDR solutions detect abnormal system behavior by sitting passively on a network tap and continuously analyzing raw network packets or traffic metadata. They apply multiple detection models, including machine learning, to traffic inside internal networks (east-west) and to traffic to and from public networks (north-south) in order to identify signs of suspicious activity.

NDR solutions provide visibility where logs are not being collected, including critical early-stage attack activity on the network, as well as added context and higher confidence that an attack is occurring. They develop a baseline of normal behavior and then use models to identify suspicious deviations from it.

NDR can help security operations (SecOps) and IT network security teams:  

  • Protect critical data stores in data centers and the cloud in real time.
  • Minimize mean time to respond (MTTR) when addressing attacks. The best NDR solutions enable organizations to decrease the dwell time of threats.
  • Eliminate blind spots with rules-based network threat detection and response.
  • Integrate with market-leading firewalls, security information and event management (SIEM) and endpoint detection and response (EDR) solutions for comprehensive visibility.

With the…

Source…