How do I integrate Network Detection and Response?
Like most security tooling, NDR is rarely deployed in isolation; it complements the systems a security team already runs. Here is how NDR solutions integrate with the systems most SOCs have in place.
With your enterprise network
NDR solutions are designed to add minimal friction to SOC operations while still providing network threat detection. Sensors are deployed off a SPAN (mirror) port on a switch or off a network TAP and inspect a copy of the traffic passively, so they never sit inline, add no latency and cannot become a point of failure; the trade-off is that a sensor on its own can only detect and alert, with any blocking left to firewalls or endpoint tools. One practical caveat: a SPAN port is a best-effort copy and silently drops packets when the mirrored links carry more traffic than the SPAN port can forward, whereas a TAP delivers a complete copy. Sensors on busy links should therefore be fed from a TAP or a packet broker, and the feed should be checked for gaps after deployment.
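The gap check mentioned above, as an added example that is not code from the original page or from any NDR product. A sensor that only sees a mirrored copy cannot ask the switch whether the mirror dropped anything, but it can infer drops from TCP itself: when a segment arrives whose sequence number is ahead of the bytes already seen in that direction, the bytes in between never reached the sensor. The frame builder, the addresses and the four-segment stream are constructed test input; checksums are left at zero because a passive parser does not verify them.

```python
"""Gap check for a passive SPAN/TAP feed (added example; frames are constructed in memory)."""
import socket
import struct

ETHERTYPE_IPV4 = b"\x08\x00"
TCP_FIN, TCP_SYN = 0x01, 0x02


def build_frame(src_ip, sport, dst_ip, dport, seq, ack, flags, payload=b""):
    """Build a minimal Ethernet II / IPv4 / TCP frame (no options, zero checksums). Test input only."""
    eth = b"\x00" * 12 + ETHERTYPE_IPV4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def parse_tcp(frame):
    """Return (src, sport, dst, dport, seq, flags, payload_len), or None if not IPv4/TCP."""
    if frame[12:14] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:  # IPv4 protocol field: 6 = TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    return (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport,
            seq, off_flags & 0x1FF, len(tcp) - data_off)


class MirrorGapTracker:
    """Track, per TCP direction, the next sequence number the sensor expects to see."""

    def __init__(self):
        self.next_seq = {}      # (src, sport, dst, dport) -> next expected sequence number
        self.seen_bytes = 0
        self.missed_bytes = 0

    def observe(self, frame):
        parsed = parse_tcp(frame)
        if parsed is None:
            return
        src, sport, dst, dport, seq, flags, plen = parsed
        key = (src, sport, dst, dport)
        consumed = plen + bool(flags & TCP_SYN) + bool(flags & TCP_FIN)  # SYN and FIN each use one seq
        self.seen_bytes += plen
        if flags & TCP_SYN or key not in self.next_seq:
            # First segment seen in this direction: establish a baseline, nothing to compare against.
            self.next_seq[key] = (seq + consumed) & 0xFFFFFFFF
            return
        delta = (seq - self.next_seq[key]) & 0xFFFFFFFF  # modular, so sequence wrap is handled
        if delta == 0:
            self.next_seq[key] = (seq + consumed) & 0xFFFFFFFF
        elif delta < 2 ** 31:
            # Segment is ahead of everything seen so far: the mirror never delivered `delta` bytes.
            self.missed_bytes += delta
            self.next_seq[key] = (seq + consumed) & 0xFFFFFFFF
        # else: seq is behind the expected value, i.e. a retransmission of data already seen; ignore.

    def report(self):
        total = self.seen_bytes + self.missed_bytes
        return {"seen": self.seen_bytes, "missed": self.missed_bytes,
                "miss_ratio": (self.missed_bytes / total) if total else 0.0}


def sample_stream(drop_seq=None):
    """Constructed handshake plus four 100-byte client segments, each acknowledged by the server.
    Passing drop_seq removes one client segment, simulating a SPAN port shedding a packet."""
    c, s = ("10.0.0.5", 40000), ("10.0.0.9", 443)
    frames = [
        build_frame(*c, *s, 1000, 0, TCP_SYN),
        build_frame(*s, *c, 5000, 1001, TCP_SYN | 0x10),
        build_frame(*c, *s, 1001, 5001, 0x10),
    ]
    for i in range(4):
        seq = 1001 + 100 * i
        if seq != drop_seq:
            frames.append(build_frame(*c, *s, seq, 5001, 0x18, b"A" * 100))
        frames.append(build_frame(*s, *c, 5001, seq + 100, 0x10))  # server ACK, even for a dropped segment
    return frames


def mirror_gap_report(frames):
    tracker = MirrorGapTracker()
    for frame in frames:
        tracker.observe(frame)
    return tracker.report()


if __name__ == "__main__":
    print("clean feed      :", mirror_gap_report(sample_stream()))
    print("dropped segment :", mirror_gap_report(sample_stream(drop_seq=1201)))
```

Out-of-order delivery on the mirror also shows up as a gap in this simplified tracker; production sensors buffer out-of-order segments before counting (Zeek, for example, records the result per connection as `missed_bytes` in conn.log). What matters operationally is a sustained non-zero miss ratio on a SPAN-fed sensor, which almost always means the SPAN port is oversubscribed and the link should be fed from a TAP instead.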
With your SIEM
SIEM integrations let SOCs add NDR detections to the workflows they already run. Why does that matter? Most organizations use the SIEM as the central aggregation point for alerts about malicious activity. A native integration, usually delivered as a downloadable app for the SIEM in use, is the method most SOC teams prefer for investigating, confirming and responding to those alerts: the NDR's detections and network context land in the console where the analyst already works, and the analyst pivots into the NDR itself when a deeper look at the session or packet data is needed. In practice the integration is a feed of alerts and flow metadata in a format the SIEM parses natively, typically syslog carrying CEF or LEEF, or JSON sent to the SIEM's HTTP collector, so the field mapping should be verified when the app is installed.
With your SOAR
Many NDR deployments are in large enterprises with mature SOCs that prefer to drive response through their own playbooks and workflows. NDR vendors therefore focus on integrations with the leading SOAR platforms, such as Splunk SOAR (formerly Phantom), Palo Alto Networks Cortex XSOAR (formerly Demisto) and Swimlane. In that arrangement an NDR alert triggers a playbook that enriches the alert, applies the organization's own triage rules and carries out the response through tools the SOC already owns, for example host isolation through the EDR or a block on the firewall; the NDR supplies the detection and the network context rather than performing the response itself.
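An added example covering both the SIEM and the SOAR sections above; it is not code from the original page or from any NDR or SOAR vendor. It renders a constructed NDR alert as a CEF line inside an RFC 3164 syslog message (the format most SIEM collectors parse without a custom mapping, including the escaping rules that commonly trip up home-grown forwarders) and then runs the same alert through a hypothetical SOAR playbook whose thresholds, allowlist and action names are assumptions standing in for a SOC's own rules.

```python
"""NDR alert to SIEM (CEF over syslog) and to a SOAR playbook (added example; sample data is constructed)."""
import socket
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class NdrAlert:  # hypothetical alert shape; real products differ
    alert_id: str
    rule_id: str
    name: str
    severity: int          # 0-10, the CEF severity scale
    category: str          # e.g. "c2", "scan", "exfil"
    src_ip: str
    dst_ip: str
    dst_port: int
    detected_at: datetime  # timezone-aware
    message: str = ""


# CEF escaping: header fields escape '\' and '|'; extension values escape '\', '=' and
# line breaks. Getting this wrong silently shifts fields in the SIEM's parser.
def _esc_header(value):
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value):
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(alert, vendor="ExampleNDR", product="Sensor", version="1.0"):
    """Render one alert as a CEF:0 line. Vendor/product strings are placeholders."""
    header = "|".join(_esc_header(x) for x in
                      (vendor, product, version, alert.rule_id, alert.name, str(alert.severity)))
    ext = {
        "rt": int(alert.detected_at.timestamp() * 1000),  # CEF 'rt' is milliseconds since epoch
        "src": alert.src_ip, "dst": alert.dst_ip, "dpt": alert.dst_port,
        "cat": alert.category, "externalId": alert.alert_id, "msg": alert.message,
    }
    return "CEF:0|" + header + "|" + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())


def syslog_line(alert, hostname="ndr-sensor-01"):
    """Wrap the CEF line in an RFC 3164 syslog message (facility local4 = 20)."""
    sev = 2 if alert.severity >= 8 else 4 if alert.severity >= 5 else 6  # critical / warning / info
    pri = 20 * 8 + sev
    ts = alert.detected_at
    return f"<{pri}>{ts:%b} {ts.day:2d} {ts:%H:%M:%S} {hostname} {to_cef(alert)}"


def send_to_siem(alert, host, port=514):
    """Ship the message over UDP syslog. Not invoked here: no collector is assumed to exist."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(syslog_line(alert).encode(), (host, port))


def playbook(alert, authorized_scanners=frozenset(), crown_jewels=frozenset()):
    """Hypothetical SOAR playbook: the SOC's own rules decide the response and it is carried
    out through tools the SOC already owns; the NDR only supplied the detection."""
    if alert.src_ip in authorized_scanners and alert.category in {"scan", "recon"}:
        return {"disposition": "closed_expected_activity", "actions": ["siem:close_alert"]}
    actions = ["edr:pull_process_tree", "ti:lookup_destination"]  # enrichment first, always
    if alert.severity >= 8 or alert.dst_ip in crown_jewels:
        actions += ["edr:isolate_host", "fw:block_destination", "ticket:open_p1"]
        disposition = "contain"
    elif alert.severity >= 5:
        actions += ["fw:block_destination", "ticket:open_p2"]
        disposition = "investigate"
    else:
        actions.append("ticket:open_p3")
        disposition = "monitor"
    return {"disposition": disposition, "actions": actions}


SAMPLE_ALERT = NdrAlert(  # constructed sample; the '|' and '=' exercise the escaping rules
    alert_id="a-1", rule_id="NDR-4711", name="Beaconing|C2", severity=8, category="c2",
    src_ip="10.0.0.5", dst_ip="203.0.113.7", dst_port=443,
    detected_at=datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc),
    message="host=ws-05 went quiet",
)

if __name__ == "__main__":
    print(syslog_line(SAMPLE_ALERT))
    print(playbook(SAMPLE_ALERT, authorized_scanners={"10.0.0.250"}))
```

The split of responsibilities is the point: the SIEM gets a parseable, complete record of every detection, while the SOAR decides what to do with it using context the NDR does not have (which scanners are sanctioned, which hosts are crown jewels) and tools the NDR does not control.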
With your workloads in public or private cloud
As organizations move data and workloads to the cloud, NDR vendors are integrating with public cloud providers such as Google Cloud and Amazon Web Services so that NDR capabilities extend across cloud and hybrid environments. A cloud integration should give the sensor visibility into the network traffic of the environment it covers, on AWS and Google Cloud for instance through the providers' native mirroring features (VPC Traffic Mirroring and Packet Mirroring respectively), which forward copies of instance traffic to the sensor much as a SPAN port does on premises; merely being able to launch a sensor image inside one provider's virtual network, with no traffic delivered to it, is not an integration. The same question applies to private cloud platforms: what matters is whether the virtual switch or hypervisor can mirror traffic to the sensor.