Network Detection and Response continues to evolve beyond its original role to achieve greater accuracy, scalability and automation. What can we expect to see? Read on for more.

Network Detection and Response, or NDR, has morphed from its original role as a traffic monitoring and statistics analysis tool. Today’s NDR solutions offer behavior-based analytics through artificial intelligence, machine learning tools and automated incident response. But how will NDR evolve in the future?

Integration will become the norm

In the near future, we will see far more integration with other security technologies. From one point of view, increasing numbers of data sources will be ingested by the NDR analytical platform, ranging across NGFWs, IDS/IPS, EDR (endpoint detection and response), sandboxes and others. Useful metadata from these devices will be extracted and sent to the NDR analytical center, adding to the depth, breadth and accuracy of NDR threat detection.

From the other viewpoint, threat detection technologies will be integrated into NDR solutions. These might include threat intelligence, Active Directory, and others. This integration will provide supplementary contextual information when suspicious behavior or threats are detected to help reduce false positives – and when admins are alerted, the additional context will boost their confidence in the findings.

We’ll see more options for deployment

Increasingly, we will see more options in the product or technology forms of NDR – whether a single hardware-based appliance, a distributed sensor network with a central analytical platform, or a virtual solution. Traditional datacenters and business applications are migrating to the cloud to take advantage of cloud-native applications and services that are far more dynamic, elastic and granular as well as massively scalable.

In the cloud, security will be deployed as microservices.
This will provide micro-segmented east-west traffic visibility and threat protection with much finer granularity, awareness and scalability. NDR will need to adopt a cloud-native model to help protect cloud-based enterprise assets. As a result, NDR solutions will become even more flexible and adaptive, with the ability to monitor and protect both north-south and east-west traffic. Depending on the use case, NDR will also be able to provide granular detection and protection capabilities for cloud assets.

Automation becomes mandatory

As threats become ever more sophisticated and cloud adoption becomes ubiquitous, automation will be the key to establishing and enforcing a strong security posture. With the phenomenal increase in the amounts and types of traffic that must be processed, monitored and analyzed, it is ineffective and inefficient to perform these tasks without highly automated tools and processes.

For example, Security Orchestration Automation and Response (SOAR) combines behavior analysis, threat detection, threat hunting and incident response in an automated process based upon playbooks. These playbooks codify the appropriate automatic security response(s) to given threat scenarios, which relieves security analysts from labor-intensive manual threat detection, threat analysis and incident response tasks. Instead, security staff is free to focus on the most severe and critical issues of the moment. Thus, automation can greatly improve overall security and productivity, and help reduce operational costs and employee burnout.

What’s next?

NDR has been around for quite some time and can be considered a relatively mature technology. It has evolved beyond its original traffic monitoring function by adding behavioral-based analysis, machine learning techniques and incident response capabilities.
The result is a much more robust NDR platform.

As it evolved, NDR embraced more data sources and developed proactive threat detection capabilities to become XDR, or extended detection and response. And finally, today NDR can conduct traffic analysis, threat detection and incident response at a much larger, global scale, as a platform called SOAR. Technology never stops evolving and converging. And NDR is on a trajectory to continue to improve threat detection and prevention, as well as response effectiveness and overall solution efficiency.

To learn more about NDR, view our white paper.