In this blog series, I have covered various topics under Network Detection and Response (NDR): its building blocks and core components, and how Hillstone NDR differentiates itself from other technologies.
The Evolution of NDR
NDR began as a traffic monitoring and statistical analysis tool. It has since added behavior-based analytics using artificial intelligence and machine learning tools, as well as incident response, to become what it is today. So where is NDR going from here?
Integration Will Become Mainstream
We will see more technology integration. From one perspective, more and more data sources can be ingested into an NDR analytical platform, including Next Generation Firewall, Endpoint Detection and Response, sandbox, Intrusion Prevention System and Intrusion Detection System, among others. Useful metadata can be extracted from these sources and sent to the NDR analytical center. From another perspective, we will see threat detection technologies integrated into the NDR solution, for example, threat intelligence, Active Directory, etc. This will provide additional contextual information once suspicious behavior or attacks are detected and admins are alerted, giving more confidence in the findings and helping reduce false positives.
Form Factors Will Increase and Vary
We will see more disparate product or technology forms: a single hardware appliance, distributed sensors combined with a central analytical platform, or a VM-based solution. Today, traditional datacenters and business applications are rapidly shifting to the cloud, where cloud-native applications and services are much more granular, elastic and dynamic, and operate at massive scale. Cloud security will be deployed in the form of microservices and will provide micro-segmentation-based east-west traffic visibility and threat protection at a much finer granularity, greater depth and wider range of scale. NDR will also need to adopt cloud-native security.
NDR technology and its solutions will be more flexible and adaptive. They will monitor and protect both north-south and east-west traffic and, depending on the use case, provide granular detection and protection capabilities.
Automation Will be the Mandate
Automation will be key. With the explosive increase in the amount and type of traffic to be processed, monitored and analyzed, it has become ineffective and inefficient to do this without the help of highly automated tools or processes. Amongst today’s network security centers and security analytical platforms, Security Orchestration, Automation and Response (SOAR) has become the technology integration fusion ground that combines behavior analysis, threat detection, threat hunting and incident response into a highly automated process using what are called “playbooks.” Playbooks relieve security analysts and admins of labor-intensive, daily threat detection, threat analysis and incident response tasks, and help them focus on the most severe and critical issues at hand. This can greatly improve overall productivity and also help reduce operational cost.
Where Do We Go from Here?
Network Detection and Response is not a brand-new technology. In fact, it has been around for a long time and can be considered a relatively mature technology. It has evolved from its original traffic monitoring function, adding behavior-based analysis using data analysis and machine learning techniques, along with incident response capabilities, to develop into a robust NDR platform. Along the way, it added more data sources and proactive threat detection capabilities to become XDR. And finally, today, it can scale to conduct traffic analysis, threat detection and incident response at a much larger, global scale, as a platform called SOAR. Technology never stops evolving and converging, and NDR is on a trajectory to continue to improve threat detection and prevention, as well as response effectiveness and overall solution efficiency.
Hillstone Networks Recognized in Gartner 2020 Market Guide for Network Detection and Response* for its sBDS Solution. To learn more about the Hillstone Server Breach Detection System (sBDS), download the whitepaper or watch our on-demand webinar.
*: Gartner, Market Guide for Network Detection and Response, Lawrence Orans, Jeremy D’Hoinne, Josh Chessman, June 11, 2020