Recently, Gartner published its Market Guide for Network Detection and Response (NDR)*, previously named Network Traffic Analysis (NTA). This is the second year that Gartner has released the market report in this sector. It’s also the second year that the NDR solution from Hillstone Networks has been on the recommended vendor list. This is definitely a great acknowledgement and recognition of Hillstone Networks’ NDR solution and technology platform.

This is the first post of a blog series in which I will explore NDR technologies (NDR and NTA are used interchangeably here). I will cover topics ranging from NDR basics, core techniques and components to deployment and future trends.

According to Gartner, NDR “uses a combination of machine learning, advanced analytics and rule-based detection to detect suspicious activities on enterprise networks.” An effective NDR solution must meet these key requirements, according to Gartner:
- Real-time (or near-real-time) analytics of raw packet traffic
- Monitor and analyze north-south traffic, in addition to east-west traffic
- Model normal network traffic and alert on suspicious traffic
- Behavioral analysis, such as machine learning (ML) or advanced analytics to detect anomalies
- Automatic or manual response capabilities
- It is deployed near critical servers and other protected assets.
- It taps into the existing network topology, and monitors and analyzes traffic in the protected zones in real time using advanced analytical mechanisms.
- It flags and highlights suspicious events to the security admins.
- It provides comprehensive traffic visibility and insights for the alerts in iCenter, its management console.