Not all NDR providers are created equal

Modern organizations have seen massive expansion in their cyber-attack surface, as they continue to increase the number of cloud services, distributed devices, adding more network traffic and additional endpoints within their environments. With this growth, organizations have had to evolve their defensive strategies, moving from multi-tool, perimeter-focused security to a more comprehensive strategy that emphasizes holistic visibility of the company’s attack surface, and most importantly, response. 

According to a recent report, cybersecurity programs are struggling to manage attack surfaces that have become significantly more difficult due to pandemic conditions. 74% of the security leaders surveyed say that they have seen more attacks since the pandemic started, and 76% say that risk has increased. 55% say that protecting attack surfaces has also become more difficult for a multitude of reasons. 

Fortunately, there is light at the end of the tunnel as new cybersecurity solutions are being designed and developed to counter the rising risks and attacks. Businesses have been planning for major changes in cybersecurity, according to a recent article in Forbes. Specifically, 96 percent of enterprise executives are planning to adjust their cybersecurity strategies, and 55 percent indicate an increase in cybersecurity budgets. The biggest thing is that the new strategies will rely more and more on “automated, adaptive cybersecurity,” including Network Detection and Response (NDR) solutions. 

Why NDR now? 

Cyber attackers continue to evolve their capabilities and often leverage multiple tactics to evade security tools. But in doing so, they also create more opportunities to be found. Early detection and response remain among the most effective strategies for defending enterprises against malicious threats.  

NDR can play a significant role in early detection and threat hunting by giving security teams the ability to quickly and easily identify suspicious activity. With the right solution, businesses can capture, process, and analyze network traffic to detect and investigate incidents that may indicate a cyber-attack. 

Once the threat has been detected, security teams need the ability to respond with speed and accuracy – and with the flexibility to trigger both automated and manual responses. The best NDR solutions also prioritize threats and actions to be taken, giving incident responders the tools, they need to make risk-based decisions quickly.  

Check out our latest infographic exploring how NovaCommand brings NDR to the small and mid-sized enterprise.

Selecting the right NDR vendor 

Last year, Gartner recently released its Market Guide for Network Detection and Response (NDR), a handy tool for organizations looking to assess and compare the wide variety of NDR solutions on the market. According to the report, "enterprises should strongly consider NDR solutions to complement signature-based tools and network sandboxes. Many Gartner clients have reported that NDR tools have detected suspicious network traffic that other perimeter security tools had missed." 

The pandemic has only accelerated the growing demand for NDR solutions, and it has become a saturated market with many different vendors and approaches competing for market share. When businesses compound all of these choices with their internal struggles (resources, time, return on investment, skills), one of the biggest challenges is determining which tool to evaluate well before making a purchasing decision.  

Here are five critical elements to consider when selecting the best NDR vendor to secure an enterprise: 

1. Visibility – Many businesses lack the holistic visibility of their IT landscape needed to detect real-time threats. Leading network detection and response solutions provide organizations with deep visibility into their cyber terrain and all the tactics and techniques that attackers use to infiltrate networks, expand control, and entrench themselves. Better visibility equals a more secure enterprise, great efficiency, and better control. 
2. Data – NRD depends on ingesting large volumes and varieties of data in real-time. As AI and machine learning become more prominent in NDR solutions, then the volume and fidelity of the data matters even more. Vendors who operate on low volumes of data or have to write the data to disk and analyze post-event can't keep up with enterprise needs. 
3. Detection – Security teams need the ability to detect known and unknown threats - and more of them. NDR vendors use a range of techniques include signature analysis, malware detection, sandboxing, indicators analysis, email security, web security, machine learning, AI, deception, and asset risk analysis. Be sure to compare detection capabilities, false positives, industry reports and benchmark data.
4. Automation - Organizations need an NDR solution capable of automatically blocking network traffic, quarantining files, triggering response actions via API integrations, and eliminating malicious domains. When examining alerts, analysts make routine movements to gather the information that aids invalidation and response options. Solutions must enable automated data collection associated with alerts in preparation for analyst review, thus reducing manual actions.
5. Deployment - When considering deployment, businesses need to determine if the NDR solution is suitable for their environment (either SMB or Enterprise). Does the NDR solution support on-prem environments where no data leaves the client's environment, or can it be deployed in the cloud? Not all NDR providers have developed solutions that work with the native capabilities of the public cloud providers and could require investing in additional tools to gain access to traffic flows.  

An NDR solution is a “must have” but selecting the right tool can be a challenge given the number of vendors and your environment's specific goals or limitations. Be sure to understand the capabilities and options available today and do your research before making this critical decision.