What is NDR?
This blog will focus on the hottest three-letter acronym of 2020 & 2021: NDR. Network Detection and Response solutions must address an expanding list of non-malware threats that revolve around data exfiltration, lateral movement, and targeted user attacks. Teams must deploy solutions that learn and adapt to new patterns in real time to stay vigilant in this changing threat landscape. Plixer Scrutinizer allows network and security operations teams to address both sides of the problem, detection and response, within a single interface.
Let’s break this down using the Gartner definition of NDR:
OK, so this is just one aspect of what it means to be an NDR tool, but the “how” of data collection is a big part of what makes these tools so powerful. Analyzing data at scale, and doing it effectively, is the hallmark of a good solution. Deployments range from real-time analysis of traffic on the wire to analyzing patterns inside a data lake. In every case, how much we collect directly determines how good the rest of the system can be.
Where you look determines what types of alerts you can generate. If you only look in a single spot, lateral movement is hard to detect no matter how much data you have available for analysis. Plixer Scrutinizer and its machine learning module allow users to monitor single hosts or entire subnets from multiple levels in a network. Intelligent de-duplication ensures alarm data is accurate and trimmed down so that users see only what they need to see.
Responding is where things can get overcomplicated. Many teams don’t want these tools to take heavy-handed action such as quarantining hosts or blocking traffic on their own. Instead, it is very common to push alert data into existing solutions like NAC, firewalls, web application firewalls, and SIEM/SOAR tools. This lets teams fine-tune their desired alarm frequencies, thresholds, and patterns, and then let the NDR platform inform the orchestration tools already in place.
Hopefully this has shed a little light on what this acronym means to you and your network team. If this was helpful and you would like to see more on how Plixer fits into this space, review the Gartner market guide on NDR solutions and request a demo of Scrutinizer today!