EDITOR’S QUESTION
TAREK KUZBARI, REGIONAL DIRECTOR – MIDDLE EAST, BITDEFENDER
Prevention is better than cure and
nowhere is this more true than in
cybersecurity. There is no one-size-
fits-all solution for every kind of threat or
infrastructure. However, in recent years,
progressive organisations have started
taking a pro-active approach to combating
cyber-incidents.
Their new strategy – which marks a
paradigm shift for cybersecurity – deploys
multiple layers of detection, prevention and
remediation for all kinds of threats, both
external and internal, at the network level as
well as at endpoint level.
Even if a sophisticated attack gets past one
layer, security operations centres (SOCs)
can still catch the attack somewhere in
transit. However, because the time between
detection and response is critical, for this
strategy to work, some AI-magic is required
– automation.
Moreover, according to a recent Forbes
Insights survey, 75% of companies are
falling way behind in this regard. To
provide a solution that can achieve these
goals, cybersecurity vendors have had to
adapt their thinking as well. Enter Network
Detection and Response.
Network Detection and Response (NDR) –
the brainchild of Network Traffic Analytics,
Network Forensics and Endpoint Detection
and Response – combines advanced
security traffic monitoring and analytics,
in-depth investigative capabilities and
remediation measures on both endpoint
and network levels.
A next-generation solution, NDR enables
SOC teams to perform fast triage, root cause
analysis and network-wide remediation.
It supports both manual and automated
remediation actions and saves time and
resources without requiring additional hires
or skill. Network-centric security isn’t new but
it’s certainly a recent hot topic in the context
of evolving cyberthreats. To better combat
advanced persistent threats, malware,
malicious insiders or negligent behaviour,
vendors have started to craft solutions using
Machine Learning and behaviour analytics
with insights from cloud threat intelligence
derived from millions of sensors globally.
An immediate key benefit of leveraging
behaviour analytics and threat intelligence is
the drastic reduction of false positive alerts,
and their associated condition known as
alert fatigue, by consolidating similar alerts
and pre-staging evidence in one view. Fast,
automated alert triage enables SOC teams
to dramatically improve how they handle
incident investigation and threat response.
Choosing the NDR solution that’s right for you
Advanced threats call for advanced
defences, and recent studies indicate the
time to start prospecting is now. Your ideal
NDR deployment leverages cloud threat
intelligence based on data, collected from
millions of endpoints globally, for out-of-
band network traffic meta-data analytics
based on AI, ML and advanced heuristics.
Threat intelligence is key to achieving
superior detection of advanced persistent
threats with minimal false positives.
A business handling large clusters of
customer data should prospect NDR
solutions that only analyse traffic meta-data,
eliminating the risk of exposing payload
data on unencrypted communication and
ensuring compliance with both local and
international data privacy laws. The exclusive
focus on traffic meta-data eliminates
privacy concerns surrounding non-encrypted
traffic, but still lets SOCs identify network
behaviour that violates policy. The ideal NDR
deployment can further ease compliance
by analysing encrypted traffic for suspicious
behaviour without having to decrypt actual
data packets.
Enterprises everywhere must protect
corporate-issued endpoints, user-managed
devices and network elements, as well
as BYOD and IoT deployments. This is
particularly true in most UAE and Saudi
firms. A recent Honeywell study shows
two thirds of companies operating in
these countries view IoT as critical to
growth. Besides the main pain points of
protection, costs and skills, NDR will help
dramatically in terms of interoperability
within the IT ecosystem, especially for
hybrid infrastructures with smart devices,
IoT, Operational Technology (OT), and even
legacy systems.
Finally, all prospective NDR buyers should
seek a single-pane solution that offers a
bird’s eye view of all network activity across
the infrastructure, saving them time and
money without requiring an extensive, skilled
staff to maintain the solution, while stepping
up the security maturity ladder.
INTELLIGENTCIO