The Evolving Role of NDR: Part 3
Were you aware that a Network Detection and Response (NDR) platform protects your network in various ways? According to a recent report from the Enterprise Strategy Group (ESG), more organizations are deploying the platform to accelerate their incident response and streamline their alert workflows.
As you know, an NDR platform uses technology to continuously monitor and detect anomalies and malicious activity on corporate networks. In recent years more organizations are deploying NDR platforms to improve their SOC’s efficiency to detect encrypted attacks and network security.
ESG, a division of TechTarget, published the “The Evolving Role of NDR” report highlighting why the platform is being used by organizations to reduce the potential for serious business disruptions and accurately and quickly detect network threats. To gain insight into these trends, ESG surveyed 376 IT, cybersecurity, and networking professionals responsible for evaluating, purchasing, and managing network security products and services for their organizations.
Yet the number of threat detection and response (TDR) tools that are available can leave users unsure of where to prioritize, thus the importance of deploying an NDR platform. The study addresses the following in-depth:
- What key capabilities do organizations require from NDR solutions and the use cases they address.
- How NDR solutions fit into a broader security stack.
- Why security teams are now prioritizing NDR in their security strategy and the benefits they are seeing from this.
In this blog, we will showcase the various use cases for NDR and the importance of coverage and investigative capabilities.
The Many Use Cases for NDR
The ESG report investigated the number of use cases security teams are applying an NDR platform. The findings showcased several items and at the top of the list are response capabilities. According to ESG research, more than 55 percent of respondents seek to improve their organization’s response capabilities. Relatedly, 47 percent use an NDR platform to accelerate their incident response processes.
The research also showcased that the evolution of traditional network traffic analytics (NTA) toward NDR is focused on streamlining workflows and facilitating integrations to ensure that once a threat is detected, it can be addressed quickly and effectively.
More than half of respondents use an NDR platform to monitor cloud environments, further validating the previous point about the need for consistency across internal and external environments.
Along similar lines, 41 percent use an NDR platform to monitor assets on which agents cannot be deployed. This could point to cloud environments as well as IoT devices, both of which can benefit from agentless deployment models.
Important Coverage and Investigative Capabilities
ESG’s research also showed that NDR platforms are being used to support various use cases requiring several capabilities.
The report showcased that organizations are looking to address various parts of the environment and the ESG learned the top three NDR attributes for organizations were:
- Understanding IoT/OT protocols (40 percent)
- Deployment flexibility (34 percent)
- Coverage for IaaS environments (31 percent)
Additionally, 33 percent of organizations believe that the ability to consume SaaS telemetry is a newer feature that can help round out NDR coverage. When it comes to investigating incidents, security analysts typically have a preference as to how they like to work. Some prefer to turn to the Security information and event management (SIEM) platform early in the process, reflected by the fact that 35 percent cited the need for integrations with SIEM and Security orchestration, automation, and response (SOAR) tools. Conversely, other organizations may spend more time in the NDR console itself, either to triage and perform initial analysis or because their organization does not use a SIEM platform.
As a result, 34 percent highlighted the need for a strong UI to investigate events directly. Finally, 30 percent cited the need to detect encrypted threats without decrypting, highlighting the threat posed by these types of attacks.
Upcoming Final NDR Blog
The ESG report showcases how organizations are deploying an NDR platform to improve their response capabilities and monitor cloud environments. In the final blog in our series, we will share the remaining NDR findings including how AI has become integral to NDR as well as its security and business benefits.
Want to learn more about the ESG report?
Now that we concluded our ESG report blog series, we invite you to join our December 7, 2022 webinar at 1 pm ET / 10 am PT. During the webinar, Russell Elsner, LiveAction’s Vice President of Product Management, and John Grady, ESG’s Senior Analyst and the report’s author will cover the following:
- Security challenges across the current threat landscape
- The significant role encrypted threats pose
- Why cloud coverage is and will be critical
- Why are security teams now prioritizing NDR
- How you can better leverage your network for threat detection
There will be a Q&A session following the presentation. So, get your questions ready. We hope you can join us on December 7. If you can’t join us live, then make sure you register, and we’ll send you a link to the recording.
ThreatEye by LiveAction picks up where MFA stops and can address the cybersecurity space beyond stolen passwords. ThreatEye secures enterprises across on-premises, private, hybrid, public, and multi-cloud environments. Next-gen AI-driven NDR platform enriches and correlates data from disparate sources to enable network security analysts to respond in real-time. Using advanced fingerprinting techniques, ThreatEye uniquely characterizes the behavior of assets to identify malicious activity. Learn more about ThreatEye and talk to an expert today.