Network detection and response - Revision history

Bibamad at 14:42, 21 February 2025

2025-02-21T14:42:18Z

← Previous revision		Revision as of 14:42, 21 February 2025
Line 20:		Line 20:
	Major attacks like [[WannaCry]] in 2017 and the [[SolarWinds]] breach in 2020 highlighted the need for solutions like NDR. Traditional perimeter defenses and signature-based tools proved insufficient against modern threats.<ref name=":2" />		Major attacks like [[WannaCry]] in 2017 and the [[SolarWinds]] breach in 2020 highlighted the need for solutions like NDR. Traditional perimeter defenses and signature-based tools proved insufficient against modern threats.<ref name=":2" />

	== AI applications ==		== Artificial Intelligence applications ==
	The use of [[artificial intelligence]] in NDR tools is growing, as security teams explore AI's potential to enhance NDR capabilities. Key AI use cases for NDR include:<ref name=":1">{{Cite web \|last=Grady \|first=John \|title=How AI benefits network detection and response \|url=https://www.techtarget.com/searchsecurity/opinion/How-AI-benefits-network-detection-and-response \|access-date=2023-08-15 \|website=TechTarget \|language=en}}</ref>		The use of [[artificial intelligence]] in NDR tools is growing, as security teams explore AI's potential to enhance NDR capabilities. Key AI use cases for NDR include:<ref name=":1">{{Cite web \|last=Grady \|first=John \|title=How AI benefits network detection and response \|url=https://www.techtarget.com/searchsecurity/opinion/How-AI-benefits-network-detection-and-response \|access-date=2023-08-15 \|website=TechTarget \|language=en}}</ref>

Bibamad at 14:41, 21 February 2025

2025-02-21T14:41:17Z

← Previous revision		Revision as of 14:41, 21 February 2025
Line 16:		Line 16:
	The origins of NDR trace back to [[network traffic analysis]] (NTA) solutions that emerged around 2019. NTA provided greater visibility into network activities to quickly identify and respond to potential threats.<ref name=":2">{{Cite web \|last=Wiens \|first=Christian \|date=2023-02-02 \|title=A Comprehensive Guide to Network Detection & Response (NDR) — What CIOs & Security Analysts Should Know \|url=https://securityboulevard.com/2023/02/a-comprehensive-guide-to-network-detection-response-ndr-what-cios-security-analysts-should-know/ \|access-date=2023-08-15 \|website=Security Boulevard \|language=en-US}}</ref>		The origins of NDR trace back to [[network traffic analysis]] (NTA) solutions that emerged around 2019. NTA provided greater visibility into network activities to quickly identify and respond to potential threats.<ref name=":2">{{Cite web \|last=Wiens \|first=Christian \|date=2023-02-02 \|title=A Comprehensive Guide to Network Detection & Response (NDR) — What CIOs & Security Analysts Should Know \|url=https://securityboulevard.com/2023/02/a-comprehensive-guide-to-network-detection-response-ndr-what-cios-security-analysts-should-know/ \|access-date=2023-08-15 \|website=Security Boulevard \|language=en-US}}</ref>

	By 2020, NTA adoption was growing for real-time threat detection. That year, a study found that 87% of organizations used NTA, with 43% considering it a "first line of defense." The NTA market was valued at US$2.9 billion in 2022, and expected to reach US$8.5 billion by 2032. NTA evolved into NDR as a distinct product category. NDR combined detection capabilities with incident response workflows. This enabled detecting and reacting to threats across networks in real time.<ref name=":2" />		By 2020, NTA adoption was growing for real-time threat detection. That year, a study found that 87% of organizations used NTA, with 43% considering it a "first line of defense". The NTA market was valued at US$2.9 billion in 2022, and expected to reach US$8.5 billion by 2032. NTA evolved into NDR as a distinct product category. NDR combined detection capabilities with incident response workflows. This enabled detecting and reacting to threats across networks in real time.<ref name=":2" />

	Major attacks like [[WannaCry]] in 2017 and the [[SolarWinds]] breach in 2020 highlighted the need for solutions like NDR. Traditional perimeter defenses and signature-based tools proved insufficient against modern threats.<ref name=":2" />		Major attacks like [[WannaCry]] in 2017 and the [[SolarWinds]] breach in 2020 highlighted the need for solutions like NDR. Traditional perimeter defenses and signature-based tools proved insufficient against modern threats.<ref name=":2" />

71.11.5.2: copy edits, removed ce tag

2024-06-12T19:31:50Z

copy edits, removed ce tag

← Previous revision		Revision as of 19:31, 12 June 2024
Line 1:		Line 1:
	{{Multiple issues\|
	{{copy edit\|date=May 2024}}
	{{notability\|date=May 2024}}		{{notability\|date=May 2024}}
	}}
	{{short description\|Threat monitoring technology}}		{{short description\|Threat monitoring technology}}

	'''Network detection and response (NDR)''' refers to a category of [[network security]] products that detect abnormal system [[Behavior\|behaviors]] by continuously analyzing [[network traffic]]. NDR solutions apply [[behavioral analytics]] to inspect raw [[Packet analyzer\|network packets]] and [[metadata]] for both internal (east-west) and external (north-south) network communications.<ref name=":0">{{Cite web \|last=Jonathan Nunez, Andrew Davies \|date=20 July 2023 \|title=Hype Cycle for Security Operations, 2023 \|url=https://www.gartner.com/doc/reprints?id=1-2EIN4TVS&ct=230721&st=sb&__hstc=45788219.57a590308de95e51d2f62b49fac710ef.1691078838873.1691078838873.1691078838873.1&__hssc=45788219.1.1691078838873&__hsfp=3812163218&hsCtaTracking=51e2e4ef-078c-41c0-a8bf-673c4e38176a%7C2cb608e8-3bb2-41fb-96a8-b3d410ee1978 \|access-date=2023-08-08 \|website=www.gartner.com}}</ref>		'''Network detection and response (NDR)''' refers to a category of [[network security]] products that detect abnormal system [[Behavior\|behaviors]] by continuously analyzing [[network traffic]]. NDR solutions apply [[behavioral analytics]] to inspect raw [[Packet analyzer\|network packets]] and [[metadata]] for both internal (east-west) and external (north-south) network communications.<ref name=":0">{{Cite web \|last=Jonathan Nunez, Andrew Davies \|date=20 July 2023 \|title=Hype Cycle for Security Operations, 2023 \|url=https://www.gartner.com/doc/reprints?id=1-2EIN4TVS&ct=230721&st=sb&__hstc=45788219.57a590308de95e51d2f62b49fac710ef.1691078838873.1691078838873.1691078838873.1&__hssc=45788219.1.1691078838873&__hsfp=3812163218&hsCtaTracking=51e2e4ef-078c-41c0-a8bf-673c4e38176a%7C2cb608e8-3bb2-41fb-96a8-b3d410ee1978 \|access-date=2023-08-08 \|website=www.gartner.com}}</ref>

Line 13:		Line 11:
	Deployment options include physical or virtual sensors. Sensors are typically out-of-band, positioned to monitor network flows without impacting performance. Cloud-based NDR options integrate with IaaS providers to gain visibility across hybrid environments. Ongoing tuning helps reduce false positives. NDR competes against broader platforms like [[SIEM]] and [[Extended detection and response\|XDR]] for security budgets.<ref name=":0" /> NDR can be used to complement EDR's blind spot.<ref name=":3" /><ref>{{Cite web \|title=Change Is Coming to the Network Detection and Response (NDR) Market \|url=https://www.darkreading.com/cyber-risk/change-is-coming-to-the-network-detection-and-response-ndr-market \|access-date=2024-05-21 \|website=www.darkreading.com \|language=en}}</ref>		Deployment options include physical or virtual sensors. Sensors are typically out-of-band, positioned to monitor network flows without impacting performance. Cloud-based NDR options integrate with IaaS providers to gain visibility across hybrid environments. Ongoing tuning helps reduce false positives. NDR competes against broader platforms like [[SIEM]] and [[Extended detection and response\|XDR]] for security budgets.<ref name=":0" /> NDR can be used to complement EDR's blind spot.<ref name=":3" /><ref>{{Cite web \|title=Change Is Coming to the Network Detection and Response (NDR) Market \|url=https://www.darkreading.com/cyber-risk/change-is-coming-to-the-network-detection-and-response-ndr-market \|access-date=2024-05-21 \|website=www.darkreading.com \|language=en}}</ref>

	Key capabilities offered by NDR solutions include: ~~Real~~-time threat detection through continuous monitoring, ~~Rapid~~ incident response workflows to minimize damage, ~~Reduced~~ complexity versus managing multiple point solutions, ~~Improved~~ visibility for compliance and risk management, ~~Automated~~ detection and response, ~~Endpoint~~ and user behavior analytics, ~~Integration~~ with [[SIEM]] for centralized monitoring.<ref name=":2" />		Key capabilities offered by NDR solutions include real-time threat detection through continuous monitoring, rapid incident response workflows to minimize damage, reduced complexity versus managing multiple point solutions, improved visibility for compliance and risk management, automated detection and response, endpoint and user behavior analytics, and integration with [[SIEM]] for centralized monitoring.<ref name=":2" />

	==History==		==History==
	The origins of NDR trace back to [[network traffic analysis]] (NTA) solutions that emerged around 2019. NTA provided greater visibility into network activities to quickly identify and respond to potential threats.<ref name=":2">{{Cite web \|last=Wiens \|first=Christian \|date=2023-02-02 \|title=A Comprehensive Guide to Network Detection & Response (NDR) — What CIOs & Security Analysts Should Know \|url=https://securityboulevard.com/2023/02/a-comprehensive-guide-to-network-detection-response-ndr-what-cios-security-analysts-should-know/ \|access-date=2023-08-15 \|website=Security Boulevard \|language=en-US}}</ref>		The origins of NDR trace back to [[network traffic analysis]] (NTA) solutions that emerged around 2019. NTA provided greater visibility into network activities to quickly identify and respond to potential threats.<ref name=":2">{{Cite web \|last=Wiens \|first=Christian \|date=2023-02-02 \|title=A Comprehensive Guide to Network Detection & Response (NDR) — What CIOs & Security Analysts Should Know \|url=https://securityboulevard.com/2023/02/a-comprehensive-guide-to-network-detection-response-ndr-what-cios-security-analysts-should-know/ \|access-date=2023-08-15 \|website=Security Boulevard \|language=en-US}}</ref>

	By 2020, NTA adoption was growing for real-time threat detection. That year, a study found 87% of organizations used NTA, with 43% considering it a "first line of defense." The NTA market was valued at US$2.9 billion in 2022, and expected to reach US$8.5 billion by 2032. NTA evolved into NDR as a distinct product category. NDR combined detection capabilities with incident response workflows. This enabled detecting and reacting to threats across networks in real-time.<ref name=":2" />		By 2020, NTA adoption was growing for real-time threat detection. That year, a study found that 87% of organizations used NTA, with 43% considering it a "first line of defense." The NTA market was valued at US$2.9 billion in 2022, and expected to reach US$8.5 billion by 2032. NTA evolved into NDR as a distinct product category. NDR combined detection capabilities with incident response workflows. This enabled detecting and reacting to threats across networks in real time.<ref name=":2" />

	Major attacks like [[WannaCry]] in 2017 and the [[SolarWinds]] breach in 2020 highlighted the need for solutions like NDR. Traditional perimeter defenses and signature-based tools proved insufficient against modern threats.<ref name=":2" />		Major attacks like [[WannaCry]] in 2017 and the [[SolarWinds]] breach in 2020 highlighted the need for solutions like NDR. Traditional perimeter defenses and signature-based tools proved insufficient against modern threats.<ref name=":2" />
Line 25:		Line 23:
	The use of [[artificial intelligence]] in NDR tools is growing, as security teams explore AI's potential to enhance NDR capabilities. Key AI use cases for NDR include:<ref name=":1">{{Cite web \|last=Grady \|first=John \|title=How AI benefits network detection and response \|url=https://www.techtarget.com/searchsecurity/opinion/How-AI-benefits-network-detection-and-response \|access-date=2023-08-15 \|website=TechTarget \|language=en}}</ref>		The use of [[artificial intelligence]] in NDR tools is growing, as security teams explore AI's potential to enhance NDR capabilities. Key AI use cases for NDR include:<ref name=":1">{{Cite web \|last=Grady \|first=John \|title=How AI benefits network detection and response \|url=https://www.techtarget.com/searchsecurity/opinion/How-AI-benefits-network-detection-and-response \|access-date=2023-08-15 \|website=TechTarget \|language=en}}</ref>

	* Improved threat detection : AI can analyze large volumes of data on vulnerabilities, threats, and attack tactics to identify anomalous network activities. This allows NDR to detect emerging attack patterns with greater accuracy and fewer [[False positives and false negatives\|false positives]].<ref name=":1" />		* Improved threat detection: AI can analyze large volumes of data on vulnerabilities, threats, and attack tactics to identify anomalous network activities. This allows NDR to detect emerging attack patterns with greater accuracy and fewer [[False positives and false negatives\|false positives]].<ref name=":1" />
	* Alert prioritization : AI models can evaluate the criticality of NDR alerts based on factors like affected assets, exploitability, and potential impact. This enables security teams to triage alerts effectively despite staff shortages.<ref name=":1" />		* Alert prioritization: AI models can evaluate the criticality of NDR alerts based on factors like affected assets, exploitability, and potential impact. This enables security teams to triage alerts effectively despite staff shortages.<ref name=":1" />
	* Analyst workflow optimization : AI assistants can ~~provide guidance to~~ analysts during incident response, suggesting relevant investigation steps based on details of the threat. This amplifies analyst efficiency, especially for junior staff lacking specialized expertise.<ref name=":1" />		* Analyst workflow optimization: AI assistants can guide analysts during incident response, suggesting relevant investigation steps based on details of the threat. This amplifies analyst efficiency, especially for junior staff lacking specialized expertise.<ref name=":1" />
	* Automated response : Although not yet widely adopted, AI could enable NDR platforms to autonomously execute containment measures like quarantining endpoints. AI would identify and recommend response actions for analyst approval.<ref name=":1" />		* Automated response: Although not yet widely adopted, AI could enable NDR platforms to autonomously execute containment measures like quarantining endpoints. AI would identify and recommend response actions for analyst approval.<ref name=":1" />
	* Security team communications : NDR vendors are exploring integrations with natural language AI to generate incident reports and metrics digestible for business leaders, not just technical security staff.<ref name=":1" />		* Security team communications: NDR vendors are exploring integrations with natural language AI to generate incident reports and metrics digestible for business leaders, not just technical security staff.<ref name=":1" />

	== NDR Vendors ==		== NDR Vendors ==

John.linkshadow: /* NDR Vendors */

2024-06-11T08:38:53Z

NDR Vendors

← Previous revision		Revision as of 08:38, 11 June 2024
Line 32:		Line 32:

	== NDR Vendors ==		== NDR Vendors ==
	According to [[Gartner]], NDR vendors include [[Cisco]], Corelight, [[Darktrace]], [[ExtraHop Networks\|ExtraHop]], [[Fortinet]], IronNet, MixMode, Plixer, [[Trend Micro]], Trellix, [[Vectra AI]].<ref name=":0" />		According to [[Gartner]], NDR vendors include [[Cisco]], Corelight, [[Darktrace]], [https://www.linkshadow.com/ LinkShadow] [[ExtraHop Networks\|ExtraHop]], [[Fortinet]], IronNet, MixMode, Plixer, [[Trend Micro]], Trellix, [[Vectra AI]].<ref name=":0" />

	== References ==		== References ==

WikiCleanerBot: v2.05b - Bot T20 CW#61 - Fix errors for CW project (Reference before punctuation)

2024-05-28T06:43:23Z

v2.05b - Bot T20 CW#61 - Fix errors for CW project (Reference before punctuation)

← Previous revision		Revision as of 06:43, 28 May 2024
Line 9:		Line 9:
	NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on [[Signature based detection\|signature-based threat detection]]. This allows NDR to spot weak signals and unknown threats from network traffic, like [[Network Lateral Movement\|lateral movement]] or [[data exfiltration]].<ref name=":0" />		NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on [[Signature based detection\|signature-based threat detection]]. This allows NDR to spot weak signals and unknown threats from network traffic, like [[Network Lateral Movement\|lateral movement]] or [[data exfiltration]].<ref name=":0" />

	NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />		NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms.<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref> The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />

	Deployment options include physical or virtual sensors. Sensors are typically out-of-band, positioned to monitor network flows without impacting performance. Cloud-based NDR options integrate with IaaS providers to gain visibility across hybrid environments. Ongoing tuning helps reduce false positives. NDR competes against broader platforms like [[SIEM]] and [[Extended detection and response\|XDR]] for security budgets.<ref name=":0" /> NDR can be used to complement EDR's blind spot.<ref name=":3" /><ref>{{Cite web \|title=Change Is Coming to the Network Detection and Response (NDR) Market \|url=https://www.darkreading.com/cyber-risk/change-is-coming-to-the-network-detection-and-response-ndr-market \|access-date=2024-05-21 \|website=www.darkreading.com \|language=en}}</ref>		Deployment options include physical or virtual sensors. Sensors are typically out-of-band, positioned to monitor network flows without impacting performance. Cloud-based NDR options integrate with IaaS providers to gain visibility across hybrid environments. Ongoing tuning helps reduce false positives. NDR competes against broader platforms like [[SIEM]] and [[Extended detection and response\|XDR]] for security budgets.<ref name=":0" /> NDR can be used to complement EDR's blind spot.<ref name=":3" /><ref>{{Cite web \|title=Change Is Coming to the Network Detection and Response (NDR) Market \|url=https://www.darkreading.com/cyber-risk/change-is-coming-to-the-network-detection-and-response-ndr-market \|access-date=2024-05-21 \|website=www.darkreading.com \|language=en}}</ref>

Bibamad: /* Description */

2024-05-21T09:37:17Z

Description

← Previous revision		Revision as of 09:37, 21 May 2024
Line 7:		Line 7:

	== Description ==		== Description ==
	NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on [[Signature based detection\|signature-based threat detection]]. This allows NDR to spot weak signals and unknown threats from network traffic, like lateral movement or [[data exfiltration]].<ref name=":0" />		NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on [[Signature based detection\|signature-based threat detection]]. This allows NDR to spot weak signals and unknown threats from network traffic, like [[Network Lateral Movement\|lateral movement]] or [[data exfiltration]].<ref name=":0" />

	NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />		NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />

Bibamad at 09:33, 21 May 2024

2024-05-21T09:33:56Z

← Previous revision		Revision as of 09:33, 21 May 2024
Line 7:		Line 7:

	== Description ==		== Description ==
	NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on [[Signature based detection\|signature-based threat detection]]. This allows NDR to spot weak signals and unknown threats from network traffic, like lateral movement or data exfiltration.<ref name=":0" />		NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on [[Signature based detection\|signature-based threat detection]]. This allows NDR to spot weak signals and unknown threats from network traffic, like lateral movement or [[data exfiltration]].<ref name=":0" />

	NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />		NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />

Bibamad: /* Description */

2024-05-21T09:32:54Z

Description

← Previous revision		Revision as of 09:32, 21 May 2024
Line 7:		Line 7:

	== Description ==		== Description ==
	NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on signature-based threat detection. This allows NDR to spot weak signals and unknown threats from network traffic, like lateral movement or data exfiltration.<ref name=":0" />		NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on [[Signature based detection\|signature-based threat detection]]. This allows NDR to spot weak signals and unknown threats from network traffic, like lateral movement or data exfiltration.<ref name=":0" />

	NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />		NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />

Bibamad at 09:32, 21 May 2024

2024-05-21T09:32:31Z

← Previous revision		Revision as of 09:32, 21 May 2024
Line 7:		Line 7:

	== Description ==		== Description ==
	NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity, such as [[ransomware]], as ~~well~~ ~~as insider~~ ~~attacks~~. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on signature-based threat detection. This allows NDR to spot weak signals and unknown threats from network traffic, like lateral movement or data exfiltration.<ref name=":0" />		NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on signature-based threat detection. This allows NDR to spot weak signals and unknown threats from network traffic, like lateral movement or data exfiltration.<ref name=":0" />

	NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />		NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />

Bibamad at 09:30, 21 May 2024

2024-05-21T09:30:29Z

← Previous revision		Revision as of 09:30, 21 May 2024
Line 4:		Line 4:
	}}		}}
	{{short description\|Threat monitoring technology}}		{{short description\|Threat monitoring technology}}
	'''Network detection and response (NDR)''' refers to a category of [[network security]] products that detect abnormal system [[Behavior\|behaviors]] by continuously analyzing network traffic. NDR solutions apply [[behavioral analytics]] to inspect raw [[Packet analyzer\|network packets]] and [[metadata]] for both internal (east-west) and external (north-south) network communications.<ref name=":0">{{Cite web \|last=Jonathan Nunez, Andrew Davies \|date=20 July 2023 \|title=Hype Cycle for Security Operations, 2023 \|url=https://www.gartner.com/doc/reprints?id=1-2EIN4TVS&ct=230721&st=sb&__hstc=45788219.57a590308de95e51d2f62b49fac710ef.1691078838873.1691078838873.1691078838873.1&__hssc=45788219.1.1691078838873&__hsfp=3812163218&hsCtaTracking=51e2e4ef-078c-41c0-a8bf-673c4e38176a%7C2cb608e8-3bb2-41fb-96a8-b3d410ee1978 \|access-date=2023-08-08 \|website=www.gartner.com}}</ref>		'''Network detection and response (NDR)''' refers to a category of [[network security]] products that detect abnormal system [[Behavior\|behaviors]] by continuously analyzing [[network traffic]]. NDR solutions apply [[behavioral analytics]] to inspect raw [[Packet analyzer\|network packets]] and [[metadata]] for both internal (east-west) and external (north-south) network communications.<ref name=":0">{{Cite web \|last=Jonathan Nunez, Andrew Davies \|date=20 July 2023 \|title=Hype Cycle for Security Operations, 2023 \|url=https://www.gartner.com/doc/reprints?id=1-2EIN4TVS&ct=230721&st=sb&__hstc=45788219.57a590308de95e51d2f62b49fac710ef.1691078838873.1691078838873.1691078838873.1&__hssc=45788219.1.1691078838873&__hsfp=3812163218&hsCtaTracking=51e2e4ef-078c-41c0-a8bf-673c4e38176a%7C2cb608e8-3bb2-41fb-96a8-b3d410ee1978 \|access-date=2023-08-08 \|website=www.gartner.com}}</ref>

	== Description ==		== Description ==

← Previous revision		Revision as of 06:43, 28 May 2024
Line 9:		Line 9:
	NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on [[Signature based detection\|signature-based threat detection]]. This allows NDR to spot weak signals and unknown threats from network traffic, like [[Network Lateral Movement\|lateral movement]] or [[data exfiltration]].<ref name=":0" />		NDR is delivered through a combination of [[Computer hardware\|hardware]] and [[software]] sensors, along with a software or [[Software as a service\|SaaS]] management console. Organizations use NDR to detect and contain malicious post-breach activity such as [[ransomware]] or insider malicious activity. NDR focuses on identifying abnormal behavior patterns and anomalies rather than relying solely on [[Signature based detection\|signature-based threat detection]]. This allows NDR to spot weak signals and unknown threats from network traffic, like [[Network Lateral Movement\|lateral movement]] or [[data exfiltration]].<ref name=":0" />

	NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref>. The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />		NDR provides visibility into network activities to identify anomalies using [[machine learning]] algorithms.<ref name=":3">{{Cite web \|last=Maor \|first=Etay \|title=Council Post: EDR, XDR, MDR: Making Sense Of Threat Detection And Response Acronyms \|url=https://www.forbes.com/sites/forbestechcouncil/2024/03/05/edr-xdr-mdr-making-sense-of-threat-detection-and-response-acronyms/ \|access-date=2024-05-21 \|website=Forbes \|language=en}}</ref> The automated response capabilities can help reduce the workload for security teams. NDR also assists incident responders with threat hunting by supplying context and analysis.<ref name=":0" />

	Deployment options include physical or virtual sensors. Sensors are typically out-of-band, positioned to monitor network flows without impacting performance. Cloud-based NDR options integrate with IaaS providers to gain visibility across hybrid environments. Ongoing tuning helps reduce false positives. NDR competes against broader platforms like [[SIEM]] and [[Extended detection and response\|XDR]] for security budgets.<ref name=":0" /> NDR can be used to complement EDR's blind spot.<ref name=":3" /><ref>{{Cite web \|title=Change Is Coming to the Network Detection and Response (NDR) Market \|url=https://www.darkreading.com/cyber-risk/change-is-coming-to-the-network-detection-and-response-ndr-market \|access-date=2024-05-21 \|website=www.darkreading.com \|language=en}}</ref>		Deployment options include physical or virtual sensors. Sensors are typically out-of-band, positioned to monitor network flows without impacting performance. Cloud-based NDR options integrate with IaaS providers to gain visibility across hybrid environments. Ongoing tuning helps reduce false positives. NDR competes against broader platforms like [[SIEM]] and [[Extended detection and response\|XDR]] for security budgets.<ref name=":0" /> NDR can be used to complement EDR's blind spot.<ref name=":3" /><ref>{{Cite web \|title=Change Is Coming to the Network Detection and Response (NDR) Market \|url=https://www.darkreading.com/cyber-risk/change-is-coming-to-the-network-detection-and-response-ndr-market \|access-date=2024-05-21 \|website=www.darkreading.com \|language=en}}</ref>