close banner

Network Detection and Response


    What is Network Detection and Response (NDR)?

    Network detection and response (NDR) platforms use technology that continuously monitors and detects anomalies and malicious activity on corporate networks using machine learning (ML) and data analytics. NDR platforms enable enterprises to monitor all network traffic, allowing them to react and respond to all threats. Gartner created the NDR category in 2020, who previously called it “network traffic analysis.”

    What are the benefits to deploying a NDR platform?

    • All network traffic is analyzed for its behavior, regardless of whether the traffic is encrypted or not. Cyber attackers and their actions are rapidly revealed so an organization’s security operations center (SOC) can respond.
    • NDR is part of the SOC Visibility Triad, a network-centric approach to threat detection and response (TDR). The two other parts of the triad include:
      • Endpoint detection and response (EDR): This technology is at the user’s endpoints and focused on containment, investigation, and remediation.
      • Security information event management (SIEM): This technology collects and analyzes data with user behavior analytics, artificial intelligence (AI), and ML to review all data.
    • NDR solutions provide vital network data the SIEM requires and add context to the various threats and vulnerabilities detected. With added AI packet-based behavioral fingerprinting, NDR platforms identifies behavior in encrypted traffic streams and host-based behavioral detections.
    • Workflow capabilities of NDR support SOC analyst workflows with integrated packet analysis insights. The user interface (UI) delivers enhanced collaboration across teams by auto-enriching and correlating disparate data sources, including but not limited to geography, passive DNS, MITRE techniques, and threat intelligence.
    • By combining context-driven, enterprise-wide visibility (including east-west visibility) and advanced analytical techniques, NDR platforms provide threat analysts an early notice of a possible a cyber attack, limiting the potential damage a hacker had done to the network. Its advanced mean time to detect (MTTD) identifies unusual remote access, port scanning, and the use of restricted ports and protocols.

    Related Products


    Network Performance
    Management Software


    Extend Network


    Packet Capture
    and Analysis

    Related Glossary Terms

    Network management refers to a network’s administration, maintenance, and oversight, covering both hardware and software.

    VoIP Technology and Glossary Although VoIP systems are capable of some unique functions (for example: video conferencing, instant messaging, and

    Type 1 LLC is connectionless. It simply identifies the source and destination service access points. It does little more than the Version II Ethertype.

    Examining A Protocol Analysis Trace Of Transmitting and Acknowledging In Type II Logical Link Control After the Type 2 connection has been set up, the

    The academic definitions of various parameters important for the evaluation of clock chips differ from the practical methods used for their measurement.