Leadership Brief

Do I need Network Threat Detection & Response (NTDR)?

NTDR products and services are getting a lot of attention at conferences and in the cybersecurity press. But does your organization need them? We’ll look at what NTDR products do, reasons to consider NTDR, and some high-level evaluation criteria for NTDR products.

John Tolbert


1 Executive Summary

Network Threat Detection & Response (NTDR) solutions look for evidence and effects of malware that may have slipped past Endpoint Protection (EPP) products or found its way onto networks in other ways. NTDR solutions log network-level communication data centrally, examine traffic patterns and in some cases payloads in real time, and alert security analysts when potentially suspicious behavior is found.

Many organizations use EPP, Endpoint Detection & Response (EDR), and NTDR products for layered defenses. NTDR tools often work in multiple environment types: on-premises, hybrid, and inside IaaS. For the on-premises portion, the tool must intercept network traffic at the appropriate points. Most vendors provide virtual instances that run inside Amazon and Azure, and in some cases Google and Oracle IaaS and PaaS too.

How do you know if NTDR is something your organization needs? Below, we will look at a simple flowchart and describe business use cases where NTDR can be a crucial component of the cybersecurity architecture.

Full article is available for registered users with free trial access or paid subscription.
