Gartner Inc. defines NDR as using “non-signature-based techniques (for example, machine learning or other analytical techniques) to detect suspicious traffic on enterprise networks. NDR tools continuously analyse raw traffic and/or flow records to build models that reflect normal network behavior.”
This type of network security solution monitors north/south traffic (crossing the perimeter) and east/west traffic (between internal hosts) using strategically placed sensors, typically fed from a mirror (SPAN) port or a network TAP on a core switch. When suspicious traffic patterns are detected, alerts are sent to administrators. Quick response is a major benefit of NDR solutions, and automated functions further simplify the network security process.
Malware evolves constantly to exploit unpatched vulnerabilities and infiltrate systems, and NDR is proving to be one of the most powerful defences against it. There are three things to keep in mind when setting out to strengthen your network security capabilities.
The number of global security incidents has increased by a staggering 67% over the past 5 years, with small and medium sized businesses (SMBs) targeted 43% of the time. While taking down large enterprises with deep pockets is the ultimate goal, attackers have found it far easier to compromise smaller businesses with less robust cyber security capabilities. They then use the stolen data and access to climb the ladder and attack larger partner enterprises, or even attack customers directly. Ransomware continues to be the fastest growing type of cyber-crime, with profits reaching $20 billion in 2021.
Gartner's recent research, “Emerging Technologies: Emergence Cycle for AI in Security for Malware Detection", discusses innovations in using AI for malware detection use cases.
The Gartner research suggests that AI will have a significant impact on malware detection for the next 5-8 years. Gartner focused on dividing their research into subgroups: endpoints, performance monitoring, modelling, encryption, ransomware, and code analysis.
Based on this research and on analysis of hundreds of ransomware/malware incident response service customers, Sangfor has released a detailed whitepaper that explains how to combat weaponized AI used in new malware with purpose-built AI models that look for small deviations from normal or expected behaviour across very large volumes of activity over long periods of time.
NDR solutions and tools have many functions that make them ideal for day-to-day network security. These tools can:
Let’s drill down even deeper into the types of functions NDR provides.
Fileless malware has become very popular because traditional, signature-based detection methods often miss it. Attackers often use legitimate tools already familiar to the network ("living off the land") to hide their activity. Network detection and response solutions use machine learning and AI to analyse traffic for exactly these situations. This is useful for detecting command and control activity, identifying suspicious applications, and uncovering and isolating compromised systems within the network.
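To make the two ideas above concrete (a baseline of normal flows as in the Gartner definition, and traffic-only detection of command-and-control and lateral movement), here is a small added example in Python. It is not Sangfor code and not how Cyber Command is implemented; the IP addresses, ports, flow records and thresholds are all constructed for illustration. It learns which (source, destination, port) triples are "normal" from a baseline window, then flags (a) east/west connections never seen in the baseline, such as a workstation suddenly speaking SMB to a peer, and (b) outbound connections whose inter-arrival time is almost constant, the classic beaconing pattern of C2 traffic.

```python
"""Toy NDR-style anomaly detection over flow records (constructed example)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed internal address space for this example.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


# A flow record is (timestamp_seconds, src_ip, dst_ip, dst_port).
def build_baseline(flows):
    """Learn the set of (src, dst, port) triples seen during a clean window."""
    return {(s, d, p) for _, s, d, p in flows}


def new_east_west(flows, baseline):
    """Internal->internal flows whose triple never appeared in the baseline.
    A workstation opening SMB (445) to another workstation is a typical hit."""
    return [(ts, s, d, p) for ts, s, d, p in flows
            if is_internal(s) and is_internal(d) and (s, d, p) not in baseline]


def beacons(flows, min_flows=6, max_cv=0.15):
    """Outbound (internal->external) triples with near-constant inter-arrival
    time: coefficient of variation (stdev/mean of the gaps) <= max_cv.
    Returns {triple: mean_interval_seconds}. Thresholds are assumptions;
    real C2 adds jitter, so max_cv must be tuned per environment."""
    times = defaultdict(list)
    for ts, s, d, p in flows:
        if is_internal(s) and not is_internal(d):
            times[(s, d, p)].append(ts)
    found = {}
    for key, ts in times.items():
        if len(ts) < min_flows:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        cv = pstdev(gaps) / m if m else 0.0
        if cv <= max_cv:
            found[key] = round(m, 1)
    return found


# Constructed baseline window: a workstation talking to DNS, a file server and a web site.
BASELINE_FLOWS = [
    (10, "10.0.1.20", "10.0.5.53", 53),
    (15, "10.0.1.20", "10.0.5.10", 443),
    (20, "10.0.1.20", "198.51.100.9", 443),
]

# Constructed observation window: normal browsing, a 60 s beacon, and new SMB to peers.
OBSERVED_FLOWS = [
    (0, "10.0.1.20", "203.0.113.7", 443), (61, "10.0.1.20", "203.0.113.7", 443),
    (120, "10.0.1.20", "203.0.113.7", 443), (181, "10.0.1.20", "203.0.113.7", 443),
    (240, "10.0.1.20", "203.0.113.7", 443), (299, "10.0.1.20", "203.0.113.7", 443),
    (360, "10.0.1.20", "203.0.113.7", 443),
    (5, "10.0.1.20", "198.51.100.9", 443), (12, "10.0.1.20", "198.51.100.9", 443),
    (40, "10.0.1.20", "198.51.100.9", 443), (41, "10.0.1.20", "198.51.100.9", 443),
    (100, "10.0.1.20", "198.51.100.9", 443), (170, "10.0.1.20", "198.51.100.9", 443),
    (300, "10.0.1.20", "198.51.100.9", 443),
    (90, "10.0.1.20", "10.0.5.10", 443),   # in baseline, not flagged
    (200, "10.0.1.20", "10.0.1.21", 445),  # new lateral SMB
    (205, "10.0.1.20", "10.0.1.22", 445),  # new lateral SMB
]


def run_example():
    baseline = build_baseline(BASELINE_FLOWS)
    return {
        "new_east_west": new_east_west(OBSERVED_FLOWS, baseline),
        "beacons": beacons(OBSERVED_FLOWS),
    }


if __name__ == "__main__":
    for name, hits in run_example().items():
        print(name, hits)
```

Two caveats a practitioner would add: the baseline must be learned from a window you believe is clean, or an attacker already present becomes "normal"; and beaconing detectors that key on a fixed interval are defeated by jitter and sleep randomisation, which is why production NDR also looks at the shape of the connection (size, direction, TLS fingerprint) rather than timing alone.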
NDR also provides rapid response in the event of an attack, for example when an employee accidentally clicks a malicious link in a phishing email. Using attack campaign analysis, the solution identifies the affected devices and the lures used previously by the same campaign, and monitors in real time for further activity of this type.
Malware lurks unseen in an organization's network, extracting data and causing damage. Endpoint security and log-based solutions only see hosts that run an agent or forward logs, so unmanaged devices, IoT equipment and systems the attacker has already tampered with are blind spots for them. NDR, on the other hand, observes the traffic itself, applies AI and machine learning to it, and correlates it with a large database of known threats. Suspicious devices or traffic that might signal the presence of malware are therefore flagged immediately, whether or not the host is managed.
Look for an NDR solution that provides network-wide visibility. Visibility of all network traffic means IT teams are able to analyse and monitor for threats with more accuracy, and automated security functions reduce the number of false positive alerts IT teams must deal with. The faster traffic is monitored and analysed, the less time malware has to move laterally through the network. As many industries are adopting a cloud-first approach to digital transformation and network security, look for an NDR solution that is cloud-ready and can work in multi-cloud environments.
Sangfor recognizes the need for an AI-driven network detection and response system to counter the ever-growing list of cyber threats and anomalies. That's why the Sangfor team has developed Sangfor Cyber Command.
“Typically firewalls are designed to monitor traffic that goes through the firewall to the servers,” explains Jason Yuan, VP of Sangfor’s International Market. “Sangfor Cyber Command does something called network traffic analysis (NTA). We sit right next to one of your core switches and analyse all your traffic.” Sangfor Cyber Command monitors both North/South and East/West traffic, and performs anomaly detection using two techniques.
It features sophisticated detection capabilities, thanks to the broad range of network data it collects from network traffic, gateway logs and EDR, which it decodes and analyses with AI to uncover suspicious behaviour. The Cyber Command Response Center allows administrators to watch the network closely, with comprehensive and easy to read logs available at the touch of a button. Combined with Sangfor Endpoint Secure and NGAF, Cyber Command delivers timely and efficient mitigation for maximum security and protection of your network.
The global NDR market is expected to grow at a CAGR of 17.5% between now and 2026, and is widely expected to become the go-to network security solution of our time. With ransomware and malware becoming increasingly sophisticated, it's critical that you prepare for the worst and hope for the best. For more information on NDR, Sangfor Cyber Command, or Sangfor's suite of network security or cloud solutions, visit us online or email us directly, and see how Sangfor can make your IT simpler, more secure and more valuable.