The average cost of a data breach is a whopping €3.18 million (or $3.86 million at the time of writing this article). As the number of intruders on enterprise networks has increased dramatically, it’s now critical to detect and eliminate threats before any real damage is done.
This makes robust Network Detection and Response (NDR) vital to cyber security. This is also reaffirmed by increased demand from our partners and customers, and by extensive media coverage.
Traditionally, security experts first looked at the data generated from endpoints and logging tools. However, this method didn’t exactly work as there was simply too much data to process and a holistic view of the whole network was missing.
But what’s the difference between traditional NDR and future-proof NDR?
All leading NDR tools help businesses identify and respond to potential threats on the network. At its most basic, the key difference is that traditional NDR tools rely on hardware-based mirroring of network data, while smart future-proof NDR solutions are based on a lightweight log-analysis approach without any need for additional hardware.
Traditional NDR solutions mirror the network data through hardware sensors. So, companies that take the conventional route must invest in the installation and maintenance of proprietary hardware sensors. This approach mirrors complete network packets using tapping or SPAN-port infrastructure. The mirrored data is then analysed to detect potential threats.
In other words, you’ll have to include physical sensors and specialised hardware provided by the vendor to mirror network traffic. In addition to the effort needed, this also leads to vendor lock-in.
Furthermore, new decentralised network architectures are often not supported by traditional NDR tools. As a result, you also risk overloading your network while derailing technological evolution and overall competitiveness.
The increasing encryption of network data also poses a challenge to traditional NDR solutions as they are not able to see inside the payload anymore. This means that hidden threats often go undetected.
In contrast, a future-proof NDR solution like ExeonTrace evolves with the threat level. As it’s a purely software-based solution, you don’t have to invest in proprietary hardware.
Unlike traditional NDR solutions, ExeonTrace is powered by proven smart algorithms. It uses your existing infrastructure and a lean architecture to detect and respond to threats effectively. It’s also an approach that ensures comprehensive visibility in hybrid environments.
Instead of full network packets, lightweight log data (or metadata) exported from existing network devices are analysed. As such, there’s no need for mirroring or tapping (or purchasing proprietary hardware).
The results of our metadata-based approach are equivalent if not superior to full network packet-based analysis. This is because traditional packet-based analysis can no longer extract information from the payload once the traffic is encrypted.
The metadata-based approach goes further by integrating additional log data, such as proxy logs, AD logs, and so on. These data sources also provide information about the contents of encrypted communications and ensure that potential threats have no place to hide within your network.
Already overwhelmed security teams benefit from lightweight set-up and maintenance. Powerful AI and big data algorithms are prepared for increasing traffic and encryption, ensuring adequate support for enterprise security teams. Furthermore, you don’t have to buy new NDR tools as the threat evolves or when your infrastructure scales.
As cyber security threats grow exponentially and become more sophisticated, enterprises must go the extra mile to fortify their infrastructure in real time (and stay out of the headlines). As such, future-proof NDR now forms the foundation of robust cyber security strategies.
The author: Carola Hug, COO of Exeon