
Containing a cyberattack: How NDR strengthens your response

jeffl

This is part 3 in a 4-part series of articles by Plixer’s CEO, Jeff Lindholm. Be sure to check out part 1, How to use NDR as a radar system for your network and part 2, Why network metadata analysis is the best initial action to inform security teams. 

In this blog series, we’ve been talking about how to use NDR to stop cyberattacks. But no matter what tools you use to detect nefarious behavior in your network, the end goal is always the same: to stop it quickly and comprehensively. 

In my previous two blogs, I outlined how Plixer’s NDR platform, leveraging metadata from your existing network and security monitoring infrastructure coupled with our powerful machine learning, provides the fastest path to identifying suspicious traffic in your network. By quickly identifying anomalous behavior, it can proactively search for the tactics, techniques, and procedures that a threat actor must take as they search your network for your critical assets, enabling you to spot them early. 

Just as important to spotting threat actors early, though, is to identify everywhere they are within your network—what we call pervasive visibility. When NDR monitoring capabilities are limited to network egress points or high value network locations, they will have network blind spots. Those blind spots become safe havens for bad guys. As your security tools start to identify nefarious behavior and shut it down, it can quickly become apparent what corners of your network aren’t being monitored, offering bad actors shelter and time to navigate the rest of your network while they look for things of value. As I discussed in the first blog in this series, Plixer’s NDR platform acts like a radar system for your network, providing the pervasive visibility you need to identify and stop any compromise no matter where it occurs on your network, eliminating the blind spots. 

Once you’ve identified a compromise on your network, the next step is to contain and remediate the threat. To do that, you need your NDR solution to integrate with your existing response toolset. This ensures that your NDR solution works seamlessly with your existing playbooks, rather than forcing you to rethink them. Plixer’s NDR platform gives you all the information needed to contain the situation and stop the attacker in their tracks. For example, Plixer can block traffic on virtually any network infrastructure at the time of the event. 

Forensics come into play once the threat has been contained and remediated. Gaining a clear sense of exactly what happened is critical for after-action planning, including shoring up any security weaknesses and complying with regulatory disclosure requirements. This is where tools like PCAP and EDR are critical to your overall infrastructure. 

I discussed last week how PCAP was a poor tool for the purposes of early detection since it isn’t practical to deploy it across your entire network. Metadata is much more valuable for the purposes of monitoring network traffic for anomalies. For forensics purposes, though, capturing packets is critical to understanding what specific data was compromised and ensuring an informed response. Endpoint detection capabilities are particularly important, since your endpoints are among the most likely sources of compromise. All of this information will provide key insights into stopping the next attack.

From detection to analysis to response, an NDR solution provides complete protection for your network. With a focus on early and comprehensive detection, spotting anomalies with the intelligence of machine learning, an NDR solution optimizes finding threats in your network quickly. And integration into your existing orchestration and response infrastructure ensures remediation and forensics happen according to your current playbook.

Plixer’s NDR platform specializes in early detection of network anomalies through pervasive visibility across your entire network, with no network blind spots. By integrating with your existing tools, such as ServiceNow, Plixer automates workflows and streamlines problem isolation and incident response. 

In next week’s final installment of this series, I’ll discuss how to assess the ROI of an NDR platform.