Signature-based detection based on IDS functions + Attacker behavior detection

In addition to behavioral detection on NDR, it features signature detection to quickly identify known threats.
As a result, in addition to being able to integrate IDS functions into NDR (Vectra), many of the IDSs that have been used between inside and outside as perimeter defense have been used to monitor internal-to-internal communications. It is possible to
As a result, security can be made more robust by reliably detecting attacks that exploit internal-internal vulnerabilities.

Effect of integrating NDR and IDS

(1) Integration of existing IDPS

• IDPS, which is a signature detection method, is difficult to deal with unknown threats such as the latest malware and zero-day attacks.
• Integrate existing IDPS appliances to reduce operation management and maintenance costs

(2) Strengthen SOC threat analysis

• In addition to perimeter defense with IDPS, added behavioral analysis function and forensics after attacker intrusion with NDR
• Expanding the scope of monitoring and detection of attacks (exploits) that exploit vulnerabilities that are intruded from the blind spot of the perimeter defense

(3) Real-time threat detection

• NDR threat analysis can be visualized in real-time and incident response can be automated or manual
• In addition to capturing signs of attacks with NDR, threat detection based on hosts/accounts, exploit detection, and detailed investigations using network forensics are possible.

(4) Linkage between products

• By linking with FW, it is also possible to block communication from hosts that detect threats and use it as an IPS.
• Vectra AI engine is easy to work with EDR, SIEM, etc.

Configuration image

By equipping sensors in the environment with IDS functions (signature functions), functions can be implemented without additional hardware or configuration changes.