ExtraHop has published, “The Role of NDR in Your Security Strategy,” a new white paper detailing a technology blueprint for effective network detection and response (NDR) to help organizations improve their security posture. This must-read report shares five key capabilities to help CISOs and IT security leaders derive greater value from their security strategy.
Today, more and more organizations are looking to NDR to strengthen their security posture and overcome a range of visibility and resource challenges associated with traditional endpoint detection and response (EDR) and security information and event management (SIEM) solutions. Validating growing demand, the Gartner® Market Guide for Network Detection & Response, December 2022 found the NDR market continues to grow steadily at 22.5%.
As the market becomes more crowded, the white paper aims to provide IT and security teams with a greater understanding of what NDR is, how it works, and what makes for a successful implementation, so organizations can extract immediate and lasting value. Readers will walk away with a greater understanding of the technical capabilities required for an NDR strategy to confidently move forward in their cybersecurity journey.
The five key capabilities include:
1. Cloud-scale machine learning: Utilize cloud-scale machine learning to ensure all environments are secure, without slowing business down.
2. Continuous and on-demand packet capture (PCAP): Look for solutions that offer both continuous and on-demand PCAP.
3. Internal traffic decryption: Ensure you have the ability to decrypt internal traffic across a range of protocols to detect attackers earlier in the attack cycle.
4. Clear intuitive workflows: Streamline investigations with clear, intuitive, and automated workflows to more easily understand the data.
5. Automated asset discovery: Automate managed and unmanaged asset discovery to discover new devices as soon as they communicate.
“As attackers’ techniques mature, organizations have realized they cannot rely solely on logs or endpoints for early threat detection – the network is where they’ll get the clearest picture of what is going on,” said Jesse Rothstein, co-founder and CTO, ExtraHop. “However, with the NDR market widening, there’s been a muddying of the waters with different claims and value propositions. When moving forward with NDR, it is important that organizations look carefully at the technical components within their solutions to ensure they will have a clear view of the attack surface, so they can more quickly detect, investigate, and respond to threats across cloud, on-premises, and hybrid environments.”