Savvy security professionals have long turned to the network for vital insight and forensic evidence. Now, the broader market is starting to understand Network Detection and Response (NDR), and getting closer to acknowledging and taking advantage of its true potential.
The 2020 Gartner Hype Cycle for Security Operations shows NDR well past the Peak of Inflated Expectations, and drawing near to the Slope of Enlightenment. The report defines NDR as follows:
"Network detection and response (NDR) technology uses a combination of machine learning, rule-based detection and advanced analytics to detect suspicious activities on enterprise networks. NDR tools analyze raw traffic and/or flow records (for example, NetFlow) to build models that reflect normal network behavior. When the NDR tools detect abnormal traffic patterns, they raise alerts. NDR solutions monitor north-south and east-west traffic. These tools also provide workflow capabilities to enable security teams to respond to incidents."
The report goes on to note the Business Impact of NDR:
"NDR solutions are valuable tools that assist network security professionals in the detection of compromised endpoints and targeted attacks. These tools have limited native blocking ability, or none at all (because most are implemented outside of the line of traffic), but they offer manual and/or automatic functionality for responding to alerts. Many NDR solutions can also be implemented to detect suspicious activity in IaaS environments."
Furthermore, many security operations teams have adopted the SOC Visibility Triad as a way of broadly defining their security requirements. The triad indicates three foundational data sources for security operations: endpoint data, logs, and network data. With EDR and SIEM already well established in the Slope of Enlightenment, and NDR coming close, the future looks bright for teams pursuing this winning strategy.
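To make the "build a model of normal behavior, alert on deviation" approach in the NDR definition quoted above concrete, here is an added example written for this page (not code from Gartner, the SOC Visibility Triad authors, or any NDR product). It assumes an internal address space of 10.0.0.0/8 and 192.168.0.0/16, and the flow records are constructed, NetFlow-like tuples rather than captured traffic.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Assumed internal address space (a real deployment would take this from configuration).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def direction(flow):
    """East-west when both endpoints are internal, otherwise north-south."""
    return "east-west" if is_internal(flow["src"]) and is_internal(flow["dst"]) else "north-south"

def build_baseline(flows):
    """Model of normal behaviour per source host: byte-count mean/stdev and destinations seen."""
    byte_counts, dests = defaultdict(list), defaultdict(set)
    for f in flows:
        byte_counts[f["src"]].append(f["bytes"])
        dests[f["src"]].add(f["dst"])
    return {src: {"mean": mean(b), "std": pstdev(b), "dests": dests[src]}
            for src, b in byte_counts.items()}

def detect(baseline, flows, z=3.0):
    """Return (src, dst, direction, reason) alerts for flows that deviate from the baseline."""
    alerts = []
    for f in flows:
        model, d = baseline.get(f["src"]), direction(f)
        if model is None:
            alerts.append((f["src"], f["dst"], d, "source host not in baseline"))
            continue
        # Volume spike: z-score threshold, with a floor so a flat baseline does not alert on noise.
        if f["bytes"] > model["mean"] + z * max(model["std"], 1.0):
            alerts.append((f["src"], f["dst"], d, "byte count above baseline"))
        # Internal host reaching an internal peer it never used during the baseline window.
        if d == "east-west" and f["dst"] not in model["dests"]:
            alerts.append((f["src"], f["dst"], d, "new east-west destination"))
    return alerts

# Constructed baseline window: one workstation talking to a file server and one external site.
TRAINING = [{"src": "10.0.0.5", "dst": d, "bytes": b} for d, b in
            [("10.0.0.10", 1000), ("10.0.0.10", 1100), ("10.0.0.10", 1150),
             ("93.184.216.34", 1200), ("93.184.216.34", 1050)]]
# Constructed detection window: a normal flow, an outbound volume spike, a new internal peer,
# and a host that never appeared in the baseline.
OBSERVED = [{"src": "10.0.0.5", "dst": "10.0.0.10", "bytes": 1120},
            {"src": "10.0.0.5", "dst": "93.184.216.34", "bytes": 500000},
            {"src": "10.0.0.5", "dst": "10.0.0.77", "bytes": 900},
            {"src": "10.0.0.99", "dst": "10.0.0.10", "bytes": 700}]
```

Running `detect(build_baseline(TRAINING), OBSERVED)` yields three alerts: the north-south volume spike, the new east-west peer, and the host absent from the baseline; the first observed flow is within the model and stays silent, which is the "limited native blocking, alert-and-respond" workflow the report describes.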