Stamus-Networks-Blog

Is Network Traffic Analysis (NTA) dead in an age of Network Detection and Response (NDR)?

Written by D. Mark Durrett | Aug 21, 2020 6:00:00 AM

Organizations seeking to proactively identify and respond to cyber threats in order to mitigate their security risk are looking to deploy advanced Network Detection and Response (NDR) solutions. 

This emerging product category has its origins in network intrusion detection, network-based threat hunting and incident investigation. 

In recent months, the research firm Gartner has adopted this terminology while deprecating its previously used term, Network Traffic Analysis, or NTA.

Does this mean NTA is dead? 

We don’t think so.

NTA is the process of intercepting, recording, and analyzing network traffic communication patterns as a means of detecting and responding to security threats.

Interestingly, Gartner stated earlier this year, in its Top Ten Gartner Client Topics for Emerging Technologies for the first quarter of 2020, that technologies such as NTA, digital risk management, secure access service edge, and zero trust network access are emerging as critical needs for organizations.

Those needs are being driven by the new working environment that includes a wider adoption of digital technologies to support a large work-from-home employee base.

At Stamus Networks, we believe the term still has merit. 

Gartner, in a post covering its report on applying network-centric approaches for threat detection and response, said “high-maturity clients use [NTA] and other network-based technologies as one of the layers in their security operations centers [SOCs], alongside endpoint-, log- and cloud-based technologies for threat visibility. Some clients use network-based technologies as their sole threat detection tool.”

NTA is a Set of Capabilities, Not a Product Category

But rather than think of it as a product category, we at Stamus Networks use the term to refer to a set of critical features that are embedded in our Network Detection and Response solution - Stamus Security Platform (SSP).

The reason is simple: when cyber security teams are searching for security threats through network threat hunting and investigating suspected incidents, the context provided by knowing what’s happening on the network is vital. And one of the key sources of that context is network traffic analysis (NTA).

Network detection and response (NDR) represents the state of the art in network security: it combines the functionality of legacy IDS and NSM systems and adds anomaly detection, host insights, high-fidelity Declaration of Compromise, guided threat hunting, and automated alert triage.