The Evolving Role of NDR: Part 4
There’s no secret that a Network Detection and Response (NDR) platform uses technology to continuously monitor and detect anomalies and malicious activity on corporate networks.
It uses machine learning (ML) and data analytics and enables enterprises to monitor all network traffic, allowing organizations to quickly react and respond to all possible cyber threats. In recent years more organizations are deploying an NDR platform to improve their network security and SOC’s efficiency and detect encrypted attacks. Today, artificial intelligence (AI) has now become an integral component of NDR.
Recently, Enterprise Strategy Group (ESG), a division of TechTarget published the “The Evolving Role of NDR” report. It highlights why NDR technology is being used by organizations to reduce the potential for serious business disruptions and accurately and quickly detect network threats.
To gain insight into industry trends, ESG surveyed 376 IT, cybersecurity, and networking professionals responsible for evaluating, purchasing, and managing network security products and services for their organizations. The study addresses the following in-depth:
- What key capabilities do organizations require from NDR solutions and the use cases they address.
- How NDR solutions fit into a broader security stack.
- Why security teams are now prioritizing NDR in their security strategy and the benefits they are seeing from this.
In the first three blogs of our ESG report series, we showcased the following:
- The threat issues networks are facing today.
- How NDR is being used more by organizations as their first line of defense, expanding its breadth of coverage.
- The various use cases for NDR and the importance of coverage and investigative capabilities.
In this blog, the final one in our series, we will share the remaining ESG findings including how AI has become integral to NDR as well as its security and business benefits.
AI Integral to NDR Deployment
Over the last few years, NDR vendors have added AI and ML capabilities to their tools. The need for AI/ML support is recognized by users, with 46 percent cited in the ESG report indicating strong AI capabilities are critical to NDR, and an additional 45 percent saying strong AI is important.
There is also a belief that AI can enable better detection. According to the ESG report, 61 percent of organizations stated they are interested in AI-enabled NDR for better detection accuracy, and 59 percent stated that it also improves detection speed.
AI/ML may provide benefits from an efficiency and workflow perspective as well including:
- Accurately prioritizing alerts (47 percent)
- Informing/directing analyst workflows (45 percent)
- Automating response (42 percent)
These three were all frequently mentioned by respondents. Especially in cloud environments where scale and speed are critical, these capabilities can help security teams keep pace.
Improved Security and Business Benefits to NDR
Security teams reported a variety of benefits because of their organization’s use of NDR. In fact, respondents claimed at least three benefits on average.
Improved SOC analyst efficiency was reported by 60 percent of organizations. Similarly, 59 percent cited reduced mean time to detection, and almost half indicated they had fewer data breaches. In addition to positive security outcomes, 49 percent claimed reduced operational costs, and 47 percent noted reduced operational complexity.
While cited least often, almost a quarter said that NDR had helped accelerate cloud migrations. So, while threat detection and response strategies can vary widely, NDR can help organizations achieve both better security and business outcomes.
Want to learn more about the ESG report?
Now that we concluded our ESG report blog series, we invite you to join our December 7, 2022 webinar at 1 pm ET / 10 am PT. During the webinar, Russell Elsner, LiveAction’s Vice President of Product Management, and John Grady, ESG’s Senior Analyst and the report’s author will cover the following:
- Security challenges across the current threat landscape
- The significant role encrypted threats pose
- Why cloud coverage is and will be critical
- Why are security teams now prioritizing NDR
- How you can better leverage your network for threat detection
There will be a Q&A session following the presentation. So, get your questions ready. We hope you can join us on December 7. If you can’t join us live, then make sure you register, and we’ll send you a link to the recording.
ThreatEye by LiveAction picks up where MFA stops and can address the cybersecurity space beyond stolen passwords. ThreatEye secures enterprises across on-premises, private, hybrid, public, and multi-cloud environments. Next-gen AI-driven NDR platform enriches and correlates data from disparate sources to enable network security analysts to respond in real-time. Using advanced fingerprinting techniques, ThreatEye uniquely characterizes the behavior of assets to identify malicious activity. Learn more about ThreatEye and talk to an expert today.