The Future of Network Detection and Response

Network Detection and Response, or NDR, has morphed from its original role as a traffic monitoring and statistics analysis tool. Today’s NDR solutions offer behavior-based analytics through artificial intelligence, machine learning tools and automated incident response. But how will NDR evolve in the future?

Integration will become the norm

In the near future, we will see far more integration with other security technologies. From one point of view, increasing numbers of data sources will be ingested by the NDR analytical platform, ranging across NGFWs, IDS/IPS, EDR (endpoint detection and response), sandboxes and others. Useful metadata from these devices will be extracted and sent to the NDR analytical center, adding to the depth, breadth and accuracy of NDR threat detection.

From the other viewpoint, threat detection technologies will be integrated into NDR solutions. These might include threat intelligence, Active Directory, and others. This integration will provide supplementary contextual information when suspicious behavior or threats are detected to help reduce false positives – and when admins are alerted, the additional context will boost their confidence in the findings.

We’ll see more options for deployment

Increasingly, we will see more options in the product or technology forms of NDR – whether a single hardware-based appliance, a distributed sensor network with a central analytical platform, or a virtual solution. Traditional datacenters and business applications are migrating to the cloud to take advantage of cloud-native applications and services that are far more dynamic, elastic and granular as well as massively scalable.

In the cloud, security will be deployed as microservices. This will provide micro-segmented east-west traffic visibility and threat protection with much finer granularity, awareness and scalability. NDR will need to adopt a cloud-native model to help protect cloud-based enterprise assets. As a result, NDR solutions will become even more flexible and adaptive, with the ability to monitor and protect both north-south and east-west traffic. Depending on the use case, NDR will also be able to provide granular detection and protection capabilities for cloud assets.

Automation becomes mandatory

As threats become ever more sophisticated and cloud adoption becomes ubiquitous, automation will be the key to establishing and enforcing a strong security posture. With the phenomenal increase in the amounts and types of traffic that must be processed, monitored and analyzed, it is ineffective and inefficient to perform these tasks without highly automated tools and processes.

For example, Security Orchestration Automation and Response (SOAR) combines behavior analysis, threat detection, threat hunting and incident response in an automated process based upon playbooks. These playbooks codify the appropriate automatic security response(s) to given threat scenarios, which relieves security analysts from labor-intensive manual threat detection, threat analysis and incident response tasks. Instead, security staff is free to focus on the most severe and critical issues of the moment. Thus, automation can greatly improve overall security and productivity, and help reduce operational costs and employee burnout.

What’s next?

NDR has been around for quite some time and can be considered a relatively mature technology. It has evolved beyond its original traffic monitoring function by adding behavioral-based analysis, machine learning techniques and incident response capabilities. The result is a much more robust NDR platform.

As it evolved, NDR embraced more data sources and developed proactive threat detection capabilities to become XDR, or extended detection and response. And finally, today NDR can conduct traffic analysis, threat detection and incident response at a much larger, global scale, as a platform called SOAR. Technology never stops evolving and converging. And NDR is on a trajectory to continue to improve threat detection and prevention, as well as response effectiveness and overall solution efficiency.

To learn more about NDR, view our white paper.