Network Detection and Response (NDR)
NDR - Network detection and response
Management systems are key in planning security solutions, and we divide them into several types, including NDR (network detection and response). NDR emerged from a need, outlined by security and risk management market leaders and service providers, to detect and respond to non-standard network traffic. NDR was previously referred to as network traffic analysis, but the new term more accurately reflects the functionality of these solutions. Following the name change, NDR solutions have been expanded to include more automatic and manual response functions. These platforms also use machine learning and other analytical techniques to monitor network traffic, which helps enterprises detect suspicious traffic.
Network detection and response platforms
Network detection and response (NDR) platforms are highly flexible and can integrate with other IT security and cybersecurity solutions. Customers are often satisfied with their main tools for dealing with threats and only need to extend them with NDR functionality; this makes it possible to apply common analytical techniques to traffic monitored from a SPAN port. These techniques are important when using security information and event management (SIEM) or privileged account security (PAM or PAS), where primarily non-signature-based techniques (for example, machine learning or other analytical techniques) are used to detect suspicious traffic on corporate networks.
NDR tools continuously analyze raw traffic and/or flow records (for example, NetFlow) to build models that reflect normal network behavior. When NDR tools detect suspicious traffic patterns, they raise an alert about the threat. In addition to monitoring traffic in all directions that crosses the boundaries of the corporate network, NDR solutions can also monitor internal communications by analyzing traffic from strategically placed network sensors. Another important feature of NDR solutions is response: automatic responses (for example, sending commands to a firewall or network gateway to reject suspicious traffic) and manual responses (for example, providing tools to detect threats and respond to detected incidents) are typical elements of NDR tools.
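The baseline-and-alert idea described above, as an added example that is not taken from this page or from any NDR product: each source host gets a running model of its normal bytes per interval, and an interval that deviates strongly raises an alert. The flow tuple layout, the hosts, the exponentially weighted statistics (a simple stand-in for the machine learning the page mentions) and the threshold are all assumptions.

```python
import math
from collections import defaultdict

# Constructed flow records: (interval, src_ip, dst_ip, dst_port, bytes).
# Hosts and volumes are invented for illustration.
FLOWS = [(t, "10.0.0.5", "10.0.1.20", 443, 40_000 + 1_500 * (t % 3)) for t in range(12)]
FLOWS += [(t, "10.0.0.9", "10.0.1.30", 53, 2_000 + 100 * (t % 2)) for t in range(12)]
FLOWS.append((12, "10.0.0.5", "10.0.1.20", 443, 41_000))      # normal interval
FLOWS.append((12, "10.0.0.9", "203.0.113.7", 53, 900_000))    # volume spike


class Baseline:
    """Exponentially weighted mean/variance of one host's bytes per interval."""

    def __init__(self, alpha=0.2):
        self.alpha, self.mean, self.var, self.n = alpha, 0.0, 0.0, 0

    def score(self, x):
        """Return how many standard deviations x lies from the learned mean."""
        if self.n < 5:                      # too little history to judge
            return 0.0
        return abs(x - self.mean) / max(math.sqrt(self.var), 1.0)

    def update(self, x):
        if self.n == 0:
            self.mean = x
        else:
            d = x - self.mean
            self.mean += self.alpha * d
            self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)
        self.n += 1


def detect(flows, threshold=6.0):
    """Sum bytes per (interval, source), score against the baseline, return alerts."""
    volume = defaultdict(int)
    for t, src, _dst, _port, nbytes in flows:
        volume[(t, src)] += nbytes
    baselines, alerts = defaultdict(Baseline), []
    for (t, src), total in sorted(volume.items()):
        b = baselines[src]
        z = b.score(total)
        if z > threshold:
            alerts.append((t, src, total, round(z, 1)))   # do not learn from the anomaly
        else:
            b.update(total)
    return alerts


if __name__ == "__main__":
    for alert in detect(FLOWS):
        print("ALERT interval=%d src=%s bytes=%d z=%.1f" % alert)
```

Skipping the baseline update for alerted intervals keeps a sustained anomaly from being absorbed into what the model considers normal.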