Event Recording

Future-Proof Network Detection & Response for IT & OT – Made in Switzerland

Yeah, have 10 minutes. So it's a very short presentation focused, giving you a short overview of what, what we are doing here as a Swiss space company. It's all about corporate network, corporate communication and security from a network perspective. And how can this be in advance for you at the moment? Let me see. Next. Next, No, next. Next slide. No next slide. So who we are very short past, it's in spinoff of the A sew 10 years of research. The reason for that, you'll see the next question. Marks came out with a solution as a software solution gives you in visibility of communication in your network base. And if you of security and it came out says, okay, local storage, effective storage, don't use a lot of data, don't use big data. And focusing on what we can see from a security perspective, again, in the, in your environment from a network security perspective, machine learning is key on that.
It's an automatic process. And one of the main reasons where the research starts is, and I'm asking this a lot of times, the companies, can you see all activities in your network? Are you able to view, to get an insight what your devices? And doesn't matter if it's IT, IoT or OT are communicating how they are communicating a network. What is the issue? Can you do with this? 80% of the companies I'm talking to at this time give me an answer. No, we don't have this for you. We don't see what the communication is running. And so the next question in that case is, what happens if you have an anomaly? If you don't see that you can't see anomalies in your network, right? And an anomaly is always, you can classify that you have a risk, you can't see this. And so you'll have blind spots in your network.
Yeah. And if you have these blind spots, can you fulfill your regulations? Especially in Germany, If you're looking to critical companies, in that case, can you fulfill, and I talk a little bit later, what are these requirements from a law perspective, Can you fulfill this? And all these three answers are in row. Mostly the answer is no, we can't. And that's the situation where we are. And this is why in NDR, I have always a problem in Germany. Cause NDR means Norddeutscher Rundfunk, that means the television center say no. It's network detection and response. And how this is this fitting in in your IT security environment. What you're doing at the moment, you have a lot of equipment on the perimeter, firewalls. You're doing DDoS protection, you have IDS, you have web application firewalls and so on and so on and so on.
Perimeter is key. But we all know you have successful attacks in that case. So it's not perfect, right? So the other part where we are looking for is endpoint security. You have the antivirus, you have now the EDRs, you have software agents on your devices. But the question here is, it's IT, right? What you're doing in the IoT environment and what you're doing in OT environment, in that case can't, you can't install agents. But simple, not possible to do, right? So again, you have blind spots and in between you have the network communication. And in fact this, any hacker who is successful is doing a communication. Any malware, anything is going and running over the network. I have recently a discussion which says, okay, network is gone. And it was a little bit disturbing. I say no network is not gone. Cuz without a network we are not in the internet, right?
Doesn't matter if you're going in the cloud, you need communication. You need, you have communication. So why we are not having a deeper look on network communication Because again, and there is, where is an NDR coming in, right? For two reasons. It says network security and forensics. I'm, I'm a young guy, I'm not so long in the industry but I've seen a lot of war and mostly the war rooms. I'm saying this is a panic room cause a hacker was successful and now you see the IT guys, you see the network guys running around, what the hell happens, why it happens, Who is affected on that, right? Is it, is it only once or is it network? Is an application, is it a device? What is and how I get quickly these kind of data, remember perimeter security, data's coming in, got classified good, going in the network, data gone, right?
If you're looking the endpoint perspective, you have the same issue. Data's coming in, you've got an email, it's classified as good and the data are gone. Right? So how you're doing analysis, most answer I get for big companies we have security information and event management. But what happens if you don't have a use case of that, if you don't know what you have to search for, it takes time, right? And if you don't understand what you're looking for, you have a big, big database with data, you can't use them. And that is again, network detection coming in. It doesn't prevent but it helps you if you have an attack cuz you can look at any stage what's going on and it generates all the automatically in use case. And how we are doing that, I mean I have only 10 minutes so that's the reason why I'm talking so quick. Don't forget it. Right?
So there are three areas where NDR can help you from a German perspective. The C environment says, I given an example, it's give you a protocol, it's a monitoring gives you a protocol and says you can store data for a certain timeframe, right? The detection is there cuz we are detecting after an attack is successful, right? The response part says we are giving the information, yeah we are not shutting down a firewall or a device but we helping the security analyst to generate use cases to look further in, right? Cause we are independent from application, We are independent from any network vendors, we are independent from anything cuz we are looking just we are analyzing communications in that case, right? And that's c part of us and that's where we can help in this environment and how we are doing this, we are taking information from your existing devices and it means log files, network protocols.
And there's a very specific development behind this cuz you have millions of data points in these kind of network communications and the solution is designed with machine learning algorithms to work with this and bring up your use cases. So the good part is it's easy to install. You have your, you have your routes, you have your network admin. It takes them 10 minutes to push the data to the software especially, or the log files or whatever it is to bring the data to the software, right? Which is stored either in your local environment or in the cloud, wherever you want this. It's also independent if it's your local network, if it's your cloud environment cause you have NetFlow also there. So you can have an overview about any communication which is connected to your network wherever it is. The machine learning algorithms is the part where we are looking from a security perspective.
Cause it's monitoring on a security perspective. What happens, it's an anomaly based monitoring, it's behavioral analysis and it looks always, it compares between what is the normal status and where are the parts which are not normal at that case, right? So you can see new connections, ports, applications. You see if changes coming in and you don't know this and gives a complete overview, 98% of the data we are looking for are not interesting for you. It's just put away, it's 2% where you have to look. Why? A network admin is not perfect. A security admin is not perfect. We're doing mistakes. You have holes in your rules, you have holes in new applications, you don't know how the application is dealing with your network and whatever. And that is a part where we are stepping in in that case. And of course visibility is helping always.
Is it different if you're looking for an Excel or similar things or if you have a very plastic view and doing visibility where you can drill down to find who is affected, where is affected, what was happening at this stage and compare this with the past and or see this is real time. So that is the part what we are doing here. Just an overview. Who is affected on that? In in, in the in in your organization from a CISO's or CIO's perspective, it helps to spare money. Cause you don't need to spend so much time and money for the SOC analysts for your SIEM cuz we are preparing the data and then just we are interact with a security event management. So the compliance is a part. Forget, don't forget, I always say we are in that case, designed for if an attack is happening right now or even attack happened, sorry, my bad English at the moment.
So we can help you to send reports to the police, to other stakeholders to say this is exactly in, in our timeframe, what happens? That's the part from the CIO. So compliance, cost effective and stuff like that. The network admin and the security admin, they can view what we have in your network. It's not performance, it's not a searching is just from the security perspective we have a better usability and to design what they need to do next. In that case, it helps the SOC analyst to, to produce his use cases very effectively. Cause he has information he doesn't have at the moment, right? From a certain perspective, the operational benefits, you can act with the panic room. Don't forget this, right? Yeah. You see the information, you can, you can follow, you can take actions and where in my time I'm good to my time or so that's it. Very brief. 10 minutes. What is an NDR? I'm there to explain you more deeper if you want. Yeah. Thank you for listening.
