Diversification of Attacker Intrusion Paths and Necessity of NDR (Network Detection and Response)

Today's attackers have a variety of intrusion vectors. The following is just an example, and the idea that it is impossible to prevent all intrusions by attackers using perimeter defense is pervasive. For this reason, in addition to perimeter defense products, users who believe that products that detect attackers who intrude inside are necessary are promoting the introduction of NDR.

• Intrusions exploiting vulnerabilities in VPN devices
  An attacker gains direct access to the internal network. There is a problem that the latest measures such as EDR are unlikely to be effective.
• Remote access route
  An attacker obtains authentication information in some way, logs in to the terminal, and accesses the internal network. Since it is a necessary route even in normal use, there is a problem that countermeasures such as closing the hole cannot be taken.

By monitoring internal networks, NDR can quickly detect suspicious behavior and contain threats before attackers achieve their goals.

Features of Vectra AI NDR

Advanced detection capabilities

By combining three detection logics such as supervised learning, unsupervised learning, and correlation analysis, we provide more accurate detection.

Installation configuration image

• Data capture
  Generate mirror traffic from core switches and passively ingest all traffic into the brain.
• Multisite monitoring
  If the segments are separated, such as data centers and remote locations, install sensors and transfer metadata to the brain to realize visualization of multiple locations.
• Data collection/detection (Detect)
  Information collected by Brain is deduped and proprietary engine detects threats
• Visualization of collected data (Recall)
  Visualization of network metadata collected by sensors on a cloud platform

platform

Collect and analyze network metadata by placing physical/virtual appliances in the NW environment