5 reasons why NDR is attracting attention

NDR (Network Detection and Response) is a relatively new category. Until now, the market has recognized individual features such as traffic analysis, application analysis, and attack detection based on suspicious-IP intelligence supplied by vendors.

However, as attackers' techniques have grown more sophisticated, there has been no solution that could comprehensively visualize and understand a company's network from a security perspective.

SIEM was an option, but it required specialized processes and skills, and very few companies were actually able to understand the risks present in their networks.

Against this background, NDR has recently been attracting attention as a network visualization solution for security. In this article, I will explain five reasons why.

1. Easy and efficient implementation

Many NDR solutions are delivered as hardware appliances: by receiving traffic from a mirror (SPAN) port on the core switch, the network can be visualized with only a small number of appliances. Unlike endpoint security, there is no agent to deploy and manage on each device, so implementation is easy and efficient.

2. Automatic learning function using AI

The problem with many security products is rule tuning: in plain terms, someone has to decide what is normal and what is not for that particular network. This is a challenge for many companies and demands a lot of process and effort. Many NDR products can automatically generate per-company thresholds using an AI-based automatic learning function, which lets you establish a "normal" for your corporate network with little effort in a matter of weeks or months.

3. Detection using a security framework

NDR solutions go beyond setting thresholds and often employ a security framework to enable more advanced detection. In any company there are a certain number of people whose tasks differ from the operations performed by most staff, so simple threshold generation is very likely to produce false positives. Therefore, to enable more sophisticated detection, some products adopt a security framework and implement functionality whereby, as an attacker continues to carry out the intended sequence of actions, the severity of the security event is raised sharply and an alert is issued.
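To make points 2 and 3 concrete, here is an added example (not Vectra AI's or any product's code) that first learns a per-host "normal" outbound volume from constructed learning-phase data, then scores observed events so that a lone threshold breach stays low-severity while a host that progresses through several (hypothetical) framework stages is escalated to an alert:

```python
from statistics import mean, pstdev

# Constructed learning-phase data: bytes out per day for two hosts.
# This stands in for the "normal" that the automatic learning function builds.
LEARNING = {
    "10.0.0.5": [1200, 1300, 1250, 1400, 1350, 1280, 1320],
    "10.0.0.9": [50000, 52000, 48000, 51000, 49500, 50500, 51500],
}

# Constructed observation-phase events: (host, bytes_out, framework_stage).
# The stage label is a hypothetical tag an NDR might attach, or None.
EVENTS = [
    ("10.0.0.5", 1500, None),        # just above the learned band, on its own
    ("10.0.0.9", 90000, None),       # a big but isolated spike on a busy host
    ("10.0.0.5", 1400, "recon"),
    ("10.0.0.5", 1450, "lateral"),
    ("10.0.0.5", 9000, "exfil"),
]

def learn_thresholds(history, k=3.0):
    """Per-host upper threshold: mean + k * population stdev of the learning data."""
    return {host: mean(v) + k * pstdev(v) for host, v in history.items()}

def score_hosts(events, thresholds):
    """Return {host: (score, level)}.
    Each threshold breach adds 1. Each distinct framework stage a host passes
    through adds exponentially more, so a multi-stage progression dominates."""
    breaches, stages = {}, {}
    for host, bytes_out, stage in events:
        if bytes_out > thresholds.get(host, float("inf")):
            breaches[host] = breaches.get(host, 0) + 1
        if stage:
            stages.setdefault(host, set()).add(stage)
    result = {}
    for host in set(breaches) | set(stages):
        n = len(stages.get(host, ()))
        score = breaches.get(host, 0) + 10 * (2 ** n - 1)
        level = ("critical" if score >= 50 else "high" if score >= 20
                 else "medium" if score >= 10 else "low")
        result[host] = (score, level)
    return result

def run():
    return score_hosts(EVENTS, learn_thresholds(LEARNING))

if __name__ == "__main__":
    for host, (score, level) in sorted(run().items()):
        print(f"{host}: score={score} level={level}")
```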

4. Forensic retrospective analysis

When a security event is detected, it becomes important to go back in time and scrutinize it. Many such attacks will already have spread to other internal systems, so the full scope of impact has to be identified. At that point NDR becomes a very effective tool for the primary investigation in incident response, because not only PCs and servers but every device with an IP address, including multi-function printers and IoT devices, is within the scope of monitoring.

5. Coordination with 3rd party solutions

Here I will specifically touch on endpoint and SIEM integration. As mentioned above, NDR is particularly strong at early detection of attacks and critical events in the initial phase, but cooperation with endpoint products is important for the response. EDR (Endpoint Detection and Response) solutions have recently become available and can track events occurring on endpoints in depth. Since the platforms on which EDR can be installed are limited, the two are highly complementary: NDR for early, broad detection across the network, EDR for deep detection at a specific point. In addition, for companies whose corporate network is managed through a SIEM, forwarding NDR logs to the SIEM makes it possible to build a more advanced security policy.

Introducing NDR Solution

We handle Vectra AI products as our NDR solution.

We will propose the most suitable solution and way of using it according to the customer's requirements, so please feel free to contact us.

Contact information

Macnica
Vectra AI product manager
