How did Network Detection and Response evolve?
Monitoring network traffic is not a new practice. In the beginning, network metadata was captured to analyze network performance characteristics. Is our network running okay? But as data volumes soared, many organizations were unable to harness network activity, leaving it as an untapped resource for cyber defense.<br/><br/>
Eventually, computing power caught up, giving companies network traffic visibility and behavioral analysis detection methods for computer security – technology first called network traffic analysis (NTA). And while NTA remains a fixture in enterprise security operations centers (SOCs), the market category has evolved and broadened to network detection and response. Organizations increasingly value the response capabilities in NDR solutions to address threats detected by network traffic analysis tools, which focus mainly on detection-only threats and mostly around basic variations of known threats.<br/><br/>
Today, increasingly sophisticated behavioral analytics; machine learning; and artificial intelligence (AI) of cloud, virtual, and on-premise networks form the backbone of NDR solutions. By harnessing these technologies, NDR vendors have enabled organizations to improve detection capabilities, determine the confidence and risk level of a threat, and increasingly automate tasks manual tasks performed by analysts such as the acquisition of relevant third-party contextual telemetry information and the application of standardized investigative playbooks to further prioritize threats by risk, thereby enabling them to focus strategically on triage and rapid response. By analyzing network behavior using machine learning models, advanced NDR tools can detect sophisticated evasion methods or “known unknown” cyber threats to brand new zero-day threats or “unknown unknowns.”