Do I need Network Threat Detection & Response (NTDR)?
NTDR products and services are getting a lot of attention at conferences and in the cybersecurity press. But does your organization need one? We'll look at what NTDR products do, reasons to consider NTDR, and some high-level criteria for evaluating NTDR products.
1 Executive Summary
Network Threat Detection & Response (NTDR) solutions look for evidence and effects of malware that may have slipped past Endpoint Protection (EPP) products or found its way onto the network in other ways. NTDR solutions log network-level communication data centrally, examine traffic patterns (and in some cases payloads) in real time, and alert security analysts when potentially suspicious behavior is found.
Many organizations combine EPP, Endpoint Detection & Response (EDR), and NTDR products for layered defenses. NTDR tools often work across multiple environment types: on-premises, hybrid, and inside IaaS. For the on-premises portion, the tool must intercept network traffic at the appropriate points (for example, via network taps or SPAN/mirror ports). Most vendors provide virtual instances that run inside Amazon and Azure, and in some cases Google and Oracle IaaS and PaaS as well.
How do you know whether NTDR is something your organization needs? Below, we will walk through a simple flowchart and describe business use cases where NTDR can be a crucial component of a cybersecurity architecture.