Given the perilous state of today's cybersecurity world, network detection and response (NDR) tools are now an essential security technology. NDRs allow organizations to continuously monitor network traffic for suspicious behavior and possible attacks.
NDR tools generally rely on advanced analytical techniques, such as artificial intelligence (AI) and machine learning (ML), to reveal dubious forms of network activity, allowing teams to respond to anomalous or malicious traffic and threats that other security tools might miss.
Here's a quick rundown of five top NDR tools available in 2023.
Cisco Secure Network Analytics
Cisco Secure Network Analytics (CSNA) is designed to detect possible attacks in real time, offering context-rich alerts, including user, device, location, timestamp, and application information. CSNA can also identify and isolate threats in encrypted traffic without compromising privacy and data integrity. Another important benefit is the ability to validate the efficacy of various security policies, adopting the most appropriate plans based on current specific needs.
Gigamon ThreatINSIGHT
Billed as the first NDR offering purpose-built to secure rapidly changing, increasingly complex networks, Gigamon ThreatINSIGHT detects suspicious DNS and TLS traffic associated with emerging threats via AI and ML.
Automated risk calculation and incident prioritization capabilities are provided to help teams quickly focus on high-priority incidents for faster response. Zero-touch visibility into new network segments is provided within minutes, the vendor claims.
Gigamon promises that ThreatINSIGHT accelerates threat hunting by isolating key threat behaviors while allowing users to change from reactive detection to proactive hunting and mitigation. The tool also includes Automatic Threat Recognition (ATR)-developed playbooks that are designed to improve investigation workflows and reduce the time and effort needed to uncover relevant attack details.
Nokia XDR Security
Nokia XDR Security is a cloud-native extended detection and response (XDR) platform suite that's offered as a use-case-driven solution.
Nokia claims that XDR Security addresses the need for real-time threat detection and response. The company notes that its customer field-trial data revealed a 70 percent increased effectiveness at rapidly blocking threats in security operations centers (SOCs) or preventing attacks before they materialize. The platform's modules include analytics, ML, and automation functions to detect incidents rapidly and react faster to neutralize threats.
XDR Security allows SOC teams to visualize data within a single dashboard fed by disparate security solutions across multiple platforms. The offering also supports subscription-based security services, such as 5G slice monitoring, endpoint protection for enterprise IoT devices, and identity and access management.
By providing detection and integration with real-time threat intelligence and network-based sensors, XDR Security allows threats to be detected, identified, investigated, and halted before they can become costly breaches. Cognitive threat detection analyzes network sessions for malware traffic and anomalous behavior from Industrial Internet of Things (IIoT) devices.
Analytics and intelligence features include event correlation, Indicators of Compromise (IOC) triaging, and threat intelligence processing to identify vulnerable systems and provide patch management. Automation and orchestration functions aim to provide the speed, connectivity, and workflows needed to contain and remediate malware once it is detected.
Symantec Security Analytics
Symantec Security Analytics promises complete visibility and forensics for cloud workloads. The tool can be deployed in on-premises networks as well as in Amazon Web Services, Microsoft Azure, or Oracle Cloud environments for full visibility, network traffic analysis, and incident response.
Security Analytics' other capabilities include file reputation, deep packet inspection, full indexing, anomaly detection, and artifact reconstruction. The offering also provides support for thorough investigations and proactive threat hunting from a single console. Security Analytics aims to help teams uncover an attack's source and scope and deliver clear evidence, whether the threat is targeting an on-premises network or a cloud workload.
VMware NSX Network Detection and Response
Positioned as an AI-based threat correlation and forensics engine within VMware's NSX Distributed Firewall, VMware NSX Network Detection and Response (NSX NDR) aims to help network security and SOC teams efficiently detect malicious activity and block the lateral movement of sophisticated threats.
NSX NDR monitors an extensive set of threat signals generated by network sensors that are distributed across the network infrastructure. It then automatically correlates the signals into threat campaigns. The tool is designed to give network security and SOC teams immediate contextual information they can act on, including traffic crossing the perimeter and moving laterally across the network.
VMware's tool also assesses the extent and duration of every event, providing visibility into attack stages and detecting communication between compromised local systems and external systems.