How does the NDR solution distinguish anomalous from malicious activity?

New applications, activities, or sites—like new devices that
join the network, software updates, DNS communications,
browser communications and streaming services like
Spotify—can exhibit anomalous behaviours the first few
times they are activated. A best-in-class NDR solution will
be able to distinguish malicious behaviour from normal
anomalous behaviour through both analytical techniques
and human expertise that can be applied at scale. NDR
vendors whose expert hunting teams use up-to-date
databases of threat knowledge and insights, and apply
advanced offensive techniques, offer a critical advantage
for developing detection models to identify threats more
quickly. Combining the judgment of these experts with
the use of AI and machine learning to constantly improve
security outcomes is key to increasing detection fidelity and
reducing risk.