Gartner Includes NDR as One of the Controls Against SUNBURST

When any new product claims to have a buzz-worthy innovation, consumers will inevitably be suspicious. Amid a cloud of buildup, technological advancements need a little settling time to either prove their worth or be dismissed as mere spin.

It's understandable if network security professionals are especially cautious. Organizational security is too important to gamble on frivolous spends, and analysts have zero time for gimmicks.

After the SUNBURST supply chain attack, we believe it became abundantly clear that network detection and response (NDR) technology lives up to any industry hype. In the attack's aftermath, security teams needed a realistic solution to detect sophisticated supply chain attacks, and NDR emerged as one of the few solutions that could actually detect these highly evasive attackers.

NDR as Actionable Supply Chain Attack Defense

In a recent blog post, 8 Controls to Thwart Sunburst and Other Supply Chain Attacks, Garter weighed in by listing actionable controls to prevent sophisticated adversaries from causing damage.

The article lists control measures, stating, "Deploy a network detection and response (NDR) product analyzing the traffic going to the Internet or other non-enterprise controlled networks."

Gartner also mentions lateral movement and reconnaissance, saying to, "deploy an NDR product that can detect reconnaissance traffic and lateral movement."

Gartner ends their post with a warning: "This attack vector will be leveraged again. The attack is not novel and can be thwarted with basic network security hygiene and the addition of a few basic network security controls."

The Hard Evidence

We've seen the clear-cut evidence of the NDR's effectiveness. In a recent security report, we showed how our NDR solution, ExtraHop Reveal(x), detected a 150 percent increase in suspicious activity while the SUNBURST attack was active. This discovery shows that behavior from supply chain attacks can be identified using network data.

As explained through case studies in the security report, once SUNBURST was disclosed, Reveal(x) customers were also able to quickly find the affected SolarWinds binaries in their environment. They could then use historical data to pinpoint signs of compromise and speed their incident response, further proving the real-world value of NDR.

NDR Stands Up to the Test

NDR has now been on the market long enough to show that machine learning and behavior-based detectors aren't a gimmick—they're a real solution to a very real threat. SUNBURST undoubtedly tested the benefits and limitations of many network security solutions. In the process, NDR stood out even further as a realistic, actionable way to detect and respond to supply chain attacks.

Attacks like SUNBURST aren't novel—and they will happen again—but by adopting NDR as part of a multi-layered security approach, organizations are setting themselves up to detect and defend against the next supply chain attack before it does any harm.

To learn more about how supply chain attacks work and where NDR fits into an effective defense strategy, read the post on the Gartner Blog.