Network detection and response (NDR) technology and its extension, extended detection and response (XDR), have been getting a lot of attention within the network security industry, particularly from large government, finance, energy, and education entities wanting to proactively insure their networks against known and unknown threats. In this blog, we break down this emerging technology platform and why it’s an essential part of a company’s network protection strategy.
In our current cybersecurity landscape, there are two truths: cyberattacks are continuing to increase in size, scope, and sophistication – and there’s more of an attack surface than ever before, due to the IoT, rapid digital transformation, and the acceleration of remote work.
Even with these realities, the network security industry has largely been focused on threat hunting – not threat stopping. However, over the past few years, there’s been substantial interest in a particular sector of security – network detection and response (NDR). The growth of the NDR and XDR (extended detection and response) sectors represents a shift to proactive, anticipatory CyberSafety – much different than reactive, often too-little, too-late CyberSecurity.
According to Gartner, global NDR revenue grew by 23% in 2020, with growth expected to continue in a similar trajectory this year. So, what is X/NDR, how does it work, and what are the benefits? We break it down below:
What is X/NDR technology, and how does it work?
At a high level, NDR technology enables organizations – with the help of artificial intelligence (AI)-based machine learning – to monitor their network traffic for malicious actors and suspicious behavior. The platform’s tools analyze this traffic to create a model that represents a “normal” network – how a network typically behaves. The technology is using the past to predict the present, and because the platform is monitoring north/south as well as east/west traffic, it’s easier to find potential threats.
When the NDR technology detects a threat, it’s able to inform a network security team of the event’s scope, severity, and the likelihood that it’s malicious. If there are several threats, it’s able to rank them in order of risk level, suggest a course of action to remediate the event, and stop it within microseconds. It’s similar to having a Firewall Everywhere™ within your network.
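To make the baseline-and-rank idea concrete, here is an added example (not CloudCover's code, and not how the CC/B1 Platform is implemented) in which a simple median/MAD statistic stands in for the machine-learning model. The flow-record format `(src, dst, bytes)`, the `10.0.0.0/8` internal range, the threshold, and all sample values are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the monitored address space

def direction(dst):
    """Internal-to-internal is east/west; anything leaving the network is north/south."""
    return "east/west" if ipaddress.ip_address(dst) in INTERNAL else "north/south"

def totals(flows):
    """Bytes sent per (source host, direction) in one time window."""
    out = defaultdict(int)
    for src, dst, nbytes in flows:
        out[(src, direction(dst))] += nbytes
    return out

def build_baseline(history):
    """Model "normal" as the median and MAD of each key's per-window byte count."""
    per_window = [totals(w) for w in history]
    baseline = {}
    for key in {k for t in per_window for k in t}:
        series = [t.get(key, 0) for t in per_window]
        med = median(series)
        baseline[key] = (med, median(abs(x - med) for x in series))
    return baseline

def rank_anomalies(baseline, current, threshold=3.5):
    """Return (score, host, direction, bytes) for deviations, highest risk first."""
    findings = []
    for (host, way), seen in totals(current).items():
        med, mad = baseline.get((host, way), (0, 0))  # never-seen key: baseline of zero
        scale = max(1.4826 * mad, 0.1 * med, 1024)    # floor avoids division by zero
        score = (seen - med) / scale
        if score >= threshold:
            findings.append((round(score, 1), host, way, seen))
    return sorted(findings, reverse=True)

# Constructed sample data: five past windows of (src, dst, bytes), then the current one.
HISTORY = [
    [("10.0.0.5", "203.0.113.10", ns), ("10.0.0.5", "10.0.0.20", ew),
     ("10.0.0.7", "10.0.0.20", 10_000)]
    for ns, ew in [(48_000, 20_000), (52_000, 21_000), (50_000, 19_000),
                   (51_000, 20_000), (49_000, 20_000)]
]
CURRENT = [("10.0.0.5", "203.0.113.10", 900_000), ("10.0.0.5", "10.0.0.20", 20_500),
           ("10.0.0.7", "10.0.0.20", 10_000), ("10.0.0.7", "10.0.0.21", 30_000),
           ("10.0.0.7", "10.0.0.22", 30_000), ("10.0.0.7", "10.0.0.23", 30_000)]

if __name__ == "__main__":
    for finding in rank_anomalies(build_baseline(HISTORY), CURRENT):
        print(finding)
```

The outbound spike from `10.0.0.5` ranks first and the new internal fan-out from `10.0.0.7` second, while the host's ordinary east/west traffic stays below the threshold.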
XDR technology takes NDR one step further by collecting threat data from every part of an organization’s extended network – network, endpoint, and cloud data on all nodes and devices – and orchestrating it to create a clear, easy-to-see picture of its security. If NDR is a ground-level view, think of XDR as the aerial view – a single pane of orchestration in which to see its threat landscape.
What are the benefits of X/NDR technology?
- Greater visibility: In the network security industry, the “single pane of orchestration” view of an organization’s network security is talked about as a myth. X/NDR technology makes that myth a reality by helping an organization focus on the most important events and bringing usually siloed security solutions together for an integrated view.
- Improved threat detection and response: Because X/NDR security tools – like CloudCover’s CyberSafety CC/B1 Platform – depend on machine learning, they can analyze patterns and learn from them to prevent similar attacks. When the behavior of a network changes, the technology knows – and it can help teams respond to threats in real time, with 99.9999999% accuracy. The platform detects and finds the stealthiest of attacks – the “Unknown Unknowns” that can bring companies to their knees.
- Operational efficiency: Typical security operation centers (SOCs) require human assistance, but right now, the supply of available and qualified security professionals is at a minimum. With an X/NDR platform, an organization’s entire threat landscape can be seen at a glance – and suspicious traffic can be detected in microseconds, reducing the expense and difficulty of staffing an SOC.
- Ease of use: A quality X/NDR solution is agnostic and able to be layered on top of an organization’s existing security stack without any disruption to existing services.
What industries can benefit from X/NDR technology?
While it might make sense for every data-sensitive organization to take a look at implementing an X/NDR solution, there are a few specific industries and types of companies that may benefit from the technology more than others:
- Government: This industry is already heavily researching X/NDR, and with good reason: Local governments oversee water utilities, airports, healthcare facilities, and other services – and they’re the same entities that are often struggling with small IT departments, antiquated computer systems, and limited budgets. X/NDR can help limited staff get a holistic view of their network security and provide data breach protection.
- Energy & utilities: This industry deals with operational technology (OT) – the use of hardware and software to monitor and control physical processes, devices, and infrastructures – more than other industries, and using IT systems and tools to monitor and protect these devices is a challenge. X/NDR can detect malicious anomalies in these OT environments.
- Education: As a result of COVID-19, many school districts, universities, and other educational entities have shifted to some version of remote learning – changing the demands of their networks. Now, most of the responsibilities for online learning have been outsourced to SaaS-based platforms like Zoom or Google Classroom, which means limited visibility among disparate technologies. X/NDR can provide the needed security visibility, identifying malicious activity these platforms aren’t able to detect.
In addition, any industry that found itself needing to accelerate its digital transformation due to the COVID-19 pandemic – the retail industry is a great example of this, as retailers rushed to retain customers by shifting to e-commerce platforms – will benefit from X/NDR technology.
CloudCover is imagining a day where people don’t worry about their online data, companies don’t have to spend millions to ensure the integrity of their systems, and hackers are frustrated by their inability to infiltrate a network. We can imagine that day, and with our own X/NDR technology – our CC/B1 CyberSafety Platform – we’re working hard every day to bring it closer.