The Evolving Role of NDR: Part 1
Your network security inspection tool is catching threats it knows how to catch, but what are you doing about the threats it doesn’t know how to identify?
According to Statista, Q2 2022 saw approximately 52 million data breaches globally. This was an increase of almost 30 million from Q1 2022. Let’s face it, cyber attacks and bad actors continue to target various industry sectors. Organizations are concerned about protecting their networks, but are they using the right tools to protect their data and set their SOCs up for success?
One such technology that is making a significant impact on cybersecurity is network detection and response (NDR). These platforms continuously monitor corporate networks and detect anomalies and malicious activity. In recent years, organizations have been deploying NDR platforms to help their SOCs detect encrypted attacks and other network security threats faster.
Recently, Enterprise Strategy Group (ESG), a division of TechTarget, published a report, “The Evolving Role of NDR”. It highlights that the potential for serious business disruptions remains high and that it is vital for organizations to detect network threats accurately and quickly. This is critical so that organizations can prevent data loss, compliance violations, and, most importantly, lost revenue.
To gain insight into these trends, ESG surveyed 376 IT, cybersecurity, and networking professionals responsible for evaluating, purchasing, and managing network security products and services for their organizations.
In part one of a four-part blog series, we will showcase some of the findings included in the ESG report, such as:
- Complexity, Threats, and the SOC’s Workload Remain a Serious Issue
- Issues Remain Prevalent Across the Attack Chain
- Encrypted Attacks are Increasing Across Multiple Stages
The remaining blogs will focus more on NDR and the statistics ESG published in its report; in this blog, we will show the issues your network is facing today.
Complexity, Threats, and the SOC’s Workload Remain a Serious Issue
Threat detection and response (TDR) continues to be difficult for many security teams for a variety of reasons. Almost half of the organizations surveyed in the report said their TDR workload continues to increase, the result of having to defend more distributed and dynamic environments against increasingly persistent and sophisticated adversaries.
Environmental complexity continues to play a key role. Two of the top network challenges cited in the ESG research included the following:
- 40 percent reported more cloud-based resources.
- 36 percent cited an increase in devices on and connecting to the network.
The threat landscape is also top of mind, with 37 percent of organizations stating that sophisticated threats have increased, making it difficult to identify legitimate attacks. And that’s not all: another 35 percent claim the volume of threats has increased, making it difficult to keep up with the pace.
Issues Remain Prevalent Across the Attack Chain
As a result of these challenges, many security teams are having difficulty detecting and stopping threats targeting their organization. Further, issues persist across most of the MITRE ATT&CK Framework. While nearly one-third of ESG’s respondents cited difficulty identifying and blocking command and control communications, many also reported issues during the defense evasion and persistence phases. Almost 30 percent of those asked said they have difficulty detecting credential access, privilege escalation, execution, and initial access. Detecting reconnaissance and lateral movement were less problematic but were still reported as difficult by 19 percent and 18 percent of organizations, respectively.
Encrypted Attacks are Increasing Across Multiple Stages
The use of encryption to obfuscate attacks is one reason detection has become difficult. In fact, 24 percent of organizations cited in the ESG report have suffered an attack that leveraged encryption at least once, while almost half experienced multiple attacks using encrypted traffic.
More than two-thirds of organizations that had suffered an encrypted attack reported that data was exfiltrated through encrypted channels. This was followed by 64 percent indicating that command and control communications were encrypted and/or malware was encrypted during delivery, activity that went unnoticed because of a lack of visibility into the organization’s network traffic. In fact, only 34 percent of organizations said they have full visibility into all the encrypted traffic on their network.
Upcoming NDR blog series
As you can see, organizations continue to see a rise in sophisticated attacks, and they can’t defend what they can’t see. In our blog series, we will continue to share additional findings from ESG’s research and the reasons NDR is vital to improving your network security. The upcoming blogs will cover:
- How security teams are prioritizing NDR for several reasons
- The diverse use cases of NDR
- How AI has become integral to NDR and its security and business benefits
ThreatEye by LiveAction picks up where MFA stops and addresses the part of the cybersecurity space that lies beyond stolen passwords. ThreatEye secures enterprises across on-premises, private, hybrid, public, and multi-cloud environments. ThreatEye is a next-gen, AI-driven NDR platform that enriches and correlates data from disparate sources to enable network security analysts to respond in real time. Using advanced fingerprinting techniques, ThreatEye uniquely characterizes the behavior of assets to identify malicious activity. Learn more about ThreatEye and talk to an expert today.