What does a good Network Detection and Response capability look like?

It will require a combination of behavioural detection techniques – including machine learning and deep learning – together with statistical analysis and heuristic techniques to detect suspicious traffic. It will have strong manual hunt capabilities, enabling threat hunters to investigate across network flow data and pull the packet capture for any flow. It will be able to prioritise threats and provide contextual information for incident responders.