What is NDR? Network Detection and Response

What is Network Detection and Response?

Gartner Inc. defines NDR as using “non-signature-based techniques (for example, machine learning or other analytical techniques) to detect suspicious traffic on enterprise networks. NDR tools continuously analyse raw traffic and/or flow records to build models that reflect normal network behavior.”

An NDR solution monitors both north/south traffic (crossing the perimeter) and east/west traffic (between hosts inside the network) using strategically placed sensors, typically fed from a switch SPAN/mirror port or a network TAP. When suspicious traffic patterns are detected, alerts are sent to administrators. Fast response is a major benefit of NDR, and automated response actions (isolating a host, blocking a destination at the firewall) further simplify network security operations.

Defending against evolving threats with network detection and response

Malware changes constantly to exploit unpatched vulnerabilities and to evade signature-based detection, and NDR is proving to be one of the most effective defences against it. There are three things to remember when setting out to strengthen your network security capabilities.

  • No network security solution is 100% effective against malware
  • Signature databases keep growing and still lag behind new variants, so keeping them current is a continuous effort
  • False positives sap productivity, and the wrong solution will waste valuable analyst time

The number of global security incidents has increased by a staggering 67% over the past 5 years, with small and medium sized businesses (SMBs) targeted 43% of the time. While taking down large enterprises with deep pockets is the ultimate goal, attackers have found it far easier to compromise smaller businesses with less robust cyber security capabilities. They then use the stolen data and access to climb the ladder and attack larger partner enterprises, or even attack customers directly. Ransomware continues to be the fastest growing type of cyber-crime, with profits reaching $20 billion in 2021.

Sangfor whitepaper featuring Gartner research on Network Detection and Response (NDR)

Gartner's recent research, “Emerging Technologies: Emergence Cycle for AI in Security for Malware Detection", discusses innovations in using AI for malware detection use cases.

The Gartner research suggests that AI will have a significant impact on malware detection for the next 5-8 years. Gartner divides the research into subgroups: endpoints, performance monitoring, modelling, encryption, ransomware, and code analysis.

Drawing on this research and on analysis of hundreds of ransomware and malware incident response engagements, Sangfor has released a detailed whitepaper explaining how purpose-built AI models can counter AI-assisted malware by looking for small deviations from normal or expected behaviour across very large volumes of activity over long periods of time.


How NDR works in threat detection and response

NDR solutions and tools have many functions that make them well suited to day-to-day network security. These tools can:

  • Detect suspicious network traffic that traditional tools miss by using non-signature-based detection techniques.
  • Build a baseline of "normal" traffic and flag any traffic that deviates from it.
  • Monitor all north/south and east/west traffic flows, giving the IT team the visibility required to investigate and contain security incidents.
  • Analyse activity in real time and provide timely alerts for incident response teams.
  • Perform forensic analysis to determine how threats entered and moved through the network.
  • Support incident response and threat hunting, streamlining security operations.

Let’s drill down even deeper into the types of functions NDR provides. 

Detection of Malicious Activity

Fileless malware has become popular with attackers precisely because file-scanning detection methods often miss it. Attackers also use legitimate tools already present in the environment ("living off the land") so that their activity blends in with normal administration. Network detection and response solutions use machine learning to analyse traffic for exactly these situations. This is useful for detecting command and control activity, identifying suspicious applications, and uncovering and isolating compromised systems within the network.
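The baseline-and-deviation approach described in the list above and in this section, as an added worked example in Python (it is not code from this page or from Sangfor). It learns which destinations each host normally talks to from a learning window of flow records, then flags three deviations in a later window: a previously unseen external destination, connections at near-regular intervals (the beaconing pattern of command and control traffic), and one host fanning out to many internal hosts on one port (east/west scanning or lateral movement). The flow records, internal address ranges and thresholds are all constructed assumptions for the example; a real NDR sensor would consume NetFlow/IPFIX or packet capture and tune thresholds per environment.

```python
# Baseline-and-deviation detection over flow records.  Added illustration only,
# not Sangfor's or any vendor's code; the flows and CIDR ranges are constructed.
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed

# Constructed flow records, one per line: ts_seconds,src,dst,dport
BASELINE_FLOWS = """\
0,10.0.1.5,10.0.2.10,445
60,10.0.1.5,198.51.100.7,443
120,10.0.1.6,198.51.100.7,443
180,10.0.1.5,10.0.2.11,445
"""
LIVE_FLOWS = """\
3600,10.0.1.5,203.0.113.9,443
3659,10.0.1.5,203.0.113.9,443
3719,10.0.1.5,203.0.113.9,443
3780,10.0.1.5,203.0.113.9,443
3841,10.0.1.5,203.0.113.9,443
3900,10.0.1.6,10.0.2.20,445
3901,10.0.1.6,10.0.2.21,445
3902,10.0.1.6,10.0.2.22,445
3903,10.0.1.6,10.0.2.23,445
3904,10.0.1.6,10.0.2.24,445
4000,10.0.1.5,198.51.100.7,443
"""

def parse_flows(text):
    """Return (ts, src, dst, dport) tuples from the CSV-like records."""
    rows = (line.split(",") for line in text.splitlines())
    return [(int(ts), src, dst, int(dport)) for ts, src, dst, dport in rows]

def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL)

def build_baseline(flows):
    """Per source host, the (dst, dport) pairs seen during the learning window."""
    baseline = defaultdict(set)
    for _, src, dst, dport in flows:
        baseline[src].add((dst, dport))
    return baseline

def new_external_destinations(flows, baseline):
    """Connections to external (dst, dport) pairs the source never used before."""
    found = {(src, dst, dport) for _, src, dst, dport in flows
             if not is_internal(dst) and (dst, dport) not in baseline.get(src, set())}
    return sorted(found)

def detect_beacons(flows, min_count=5, max_cv=0.1):
    """Flag (src, dst, dport) contacted at near-regular intervals.  Beaconing C2
    has a low coefficient of variation (stdev/mean) of inter-arrival times even
    when each individual connection looks like ordinary HTTPS."""
    times = defaultdict(list)
    for ts, src, dst, dport in flows:
        times[(src, dst, dport)].append(ts)
    beacons = []
    for key, ts_list in times.items():
        if len(ts_list) < min_count:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons.append((key, avg))
    return beacons

def detect_fan_out(flows, window=60, min_targets=5):
    """One internal host reaching many internal hosts on one port within
    `window` seconds: the east/west signature of scanning or lateral movement."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if is_internal(src) and is_internal(dst):
            per_src[(src, dport)].append((ts, dst))
    hits = []
    for (src, dport), events in per_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                hits.append((src, dport, len(targets)))
                break
    return hits

def analyse(baseline_text=BASELINE_FLOWS, live_text=LIVE_FLOWS):
    """Learn from the baseline window, then score the live window."""
    baseline = build_baseline(parse_flows(baseline_text))
    live = parse_flows(live_text)
    return {"new_external": new_external_destinations(live, baseline),
            "beacons": detect_beacons(live),
            "fan_out": detect_fan_out(live)}

if __name__ == "__main__":
    for name, hits in analyse().items():
        print(name, hits)
```

Thresholds are where the false-positive trade-off mentioned earlier on this page lives: a coefficient of variation of 0.1 catches naive beacons, but implants with randomised jitter need a longer observation window and extra features (consistent byte counts, destination reputation), and a fan-out threshold of five will fire on a vulnerability scanner unless that host is whitelisted in the baseline.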

Rapid Response

NDR also supports rapid response once an attack is under way. For example, if an employee accidentally clicks a malicious link in a phishing email, attack campaign analysis identifies the affected devices, correlates the lure with those used in earlier attacks, and monitors in real time for the same activity elsewhere in the network.

Exhaustive Network Intelligence

Malware can lurk unseen in an organization's network for long periods, extracting data and causing damage. Endpoint security and log-based tools only see the hosts on which an agent is installed or that emit logs; unmanaged devices, IoT equipment and hosts where the attacker has disabled the agent are blind spots for them. NDR observes the traffic itself, so it does not depend on agents or logs, and it combines AI and machine learning with threat intelligence on known malicious infrastructure. Suspicious devices or traffic that might signal the presence of malware are therefore flagged immediately.

How to choose an NDR solution

Look for an NDR solution that provides network-wide visibility. Visibility into all network traffic lets IT teams analyse and monitor for threats more accurately, and automated correlation reduces the number of false positive alerts they must triage. The faster traffic is analysed, the less time malware has to move laterally through the network. As many industries adopt a cloud-first approach to digital transformation and network security, look for an NDR solution that is cloud-ready and can ingest traffic from multi-cloud environments.

Read Whitepaper - Using AI to Combat AI: Purpose-Built AI Models in NDR


Sangfor’s Intelligent Threat Detection and Response Solution

Sangfor recognizes the need for an AI-driven network detection and response system to counter the ever-growing list of cyber threats and anomalies. That is why the Sangfor team developed Sangfor Cyber Command.

“Typically firewalls are designed to monitor traffic that goes through the firewall to the servers,” explains Jason Yuan, VP of Sangfor’s International Market. “Sangfor Cyber Command does something called network traffic analysis (NTA). We sit right next to one of your core switches and analyse all your traffic.” Sangfor Cyber Command monitors both North/South and East/West traffic, and performs detection and response using three complementary techniques.

  1. First, Cyber Command performs modelling to identify when users connect from unusual places, and flags that access for further investigation.
  2. Second, Sangfor has implemented machine learning and AI to detect and stop different types of attacks, including brute force. Beyond that, Cyber Command detects unmanaged assets, VPN usage and existing attacker traffic within the network.
  3. Finally, Sangfor Cyber Command protects your network by providing correlated blocking of similar threats, threat hunting within your environment, and incident response in the event of a cyber-attack.
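The first two techniques in the list above (modelling where each user normally logs in from, and detecting brute force), as an added illustration in Python. This is not Cyber Command's implementation or Sangfor's code: the login events, user names, GeoIP lookup table and thresholds are constructed for the example, and the method is a plain per-user baseline plus sliding-window counting rather than any vendor's model. It goes one step beyond the text by also catching password spraying (one source, one guess per account), the brute-force variant that per-account lockout thresholds never see.

```python
# Per-user login-source modelling and brute-force / password-spray detection over
# login events.  Added illustration only, not Sangfor Cyber Command's code; the
# events, user names and the GeoIP lookup table are constructed.
from collections import defaultdict

# Stub for a GeoIP lookup (constructed); addresses come from documentation ranges.
GEO = {"203.0.113.9": "SG", "198.51.100.7": "SG",
       "192.0.2.44": "RU", "192.0.2.45": "RU"}

# Constructed login events as an NDR sensor might decode them from RDP/SSH
# sessions: (ts_seconds, user, src_ip, success)
LEARNING = [(0, "alice", "203.0.113.9", True),
            (3600, "alice", "198.51.100.7", True),
            (7200, "bob", "203.0.113.9", True)]
LIVE = ([(86400, "alice", "192.0.2.44", True)]                 # alice from a new country
        + [(90000 + i, "bob", "192.0.2.45", False) for i in range(12)]  # hammering bob
        + [(95000 + i, u, "192.0.2.45", False)                  # one guess per account
           for i, u in enumerate(["carol", "dave", "erin", "frank", "grace"])]
        + [(99000, "bob", "203.0.113.9", True)])                 # bob's normal login

def country(ip):
    return GEO.get(ip, "??")

def build_location_model(events):
    """Countries each user has successfully logged in from during learning."""
    model = defaultdict(set)
    for _, user, ip, ok in events:
        if ok:
            model[user].add(country(ip))
    return model

def unusual_locations(events, model):
    """Successful logins from a country absent from the user's model."""
    return [(ts, user, country(ip)) for ts, user, ip, ok in events
            if ok and country(ip) not in model.get(user, set())]

def brute_force(events, window=300, threshold=10):
    """One source producing >= threshold failures against one account
    within `window` seconds."""
    fails = defaultdict(list)
    for ts, user, ip, ok in events:
        if not ok:
            fails[(ip, user)].append(ts)
    hits = []
    for (ip, user), times in fails.items():
        times.sort()
        for i, t0 in enumerate(times):
            n = sum(1 for t in times[i:] if t - t0 <= window)
            if n >= threshold:
                hits.append((ip, user, n))
                break
    return hits

def password_spray(events, window=3600, min_users=5):
    """One source failing against >= min_users distinct accounts within
    `window` seconds, with too few attempts per account to trip lockout."""
    by_src = defaultdict(list)
    for ts, user, ip, ok in events:
        if not ok:
            by_src[ip].append((ts, user))
    hits = []
    for ip, evs in by_src.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            users = {u for t, u in evs[i:] if t - t0 <= window}
            if len(users) >= min_users:
                hits.append((ip, len(users)))
                break
    return hits

def analyse(learning=LEARNING, live=LIVE):
    """Build the per-user model from the learning window, then score live events."""
    model = build_location_model(learning)
    return {"unusual_location": unusual_locations(live, model),
            "brute_force": brute_force(live),
            "password_spray": password_spray(live)}

if __name__ == "__main__":
    for name, hits in analyse().items():
        print(name, hits)
```

Note that bob's legitimate login at the end is not flagged even though his account was just attacked: the location model is keyed on successful logins from the learning window, so a genuine user is still distinguishable from the attacker hitting the same account from a new country.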

Its detection capabilities draw on the broad range of data it collects (network traffic, gateway logs and EDR telemetry), decodes and analyses with AI to uncover suspicious behaviour. The Cyber Command Response Center lets administrators watch the network closely, with comprehensive, easy-to-read logs available on demand. Combined with Sangfor Endpoint Secure and NGAF, Cyber Command delivers timely and efficient mitigation for maximum security and protection of your network.

The future of NDR

The global NDR market is expected to grow at a CAGR of 17.5% between now and 2026, and NDR is widely expected to become the go-to network security solution of our time. With ransomware and malware becoming increasingly sophisticated, it is critical that you prepare for the worst and hope for the best. For more information on NDR, Sangfor Cyber Command, or Sangfor’s suite of network security and cloud solutions, visit us online or email us directly, and see how Sangfor can make your IT simpler, more secure and more valuable.

