没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
Gartner, Inc. | G00815058
Page 1 of 15
Emerging Tech: 3 Priorities for Hybrid Network
Detection and Response Platforms
7 November 2024 - ID G00815058 - 15 min read
By:Charanpal Bhogal, Thomas Lintemuth, Nahim Fazal
Initiatives:Emerging Technologies and Trends Impact on Products and Services
NDR products are evolving because the attack surface has
expanded, but buyers struggle to differentiate between vendors. To
remain competitive, product leaders must use AI techniques,
extend coverage to OT, IoT and cloud environments, and improve
integration with other security products.
Overview
Key Findings
Recommendations
Product leaders seeking to capitalize on the emerging NDR trends must:
Adoption of GenAI in network detection and response (NDR) products across
vendors is creating offerings that drive performance and consistency in detection
while aiding in the reduction of false positives and alert fatigue, and enabling better
correlation and presentation of incidents.
■
NDR vendors are developing capabilities that extend beyond the traditional network
to provide coverage across hybrid environments, including IT, operational technology
(OT) and multicloud environments. This coverage counters the growing attack
surface through support for both IT and OT protocols.
■
NDR appeal remains the greatest among the mature organizations, but NDR vendors
are also focusing on midsize enterprises through managed security service provider
(MSSP) integrated offerings. Industry-specific and critical infrastructure use cases
are also in focus.
■
Implement higher-fidelity detection that can detect encrypted traffic through neural
networks and deep learning by enabling progressive rollout of AI agents that
automate response workflows.
■
This research note is restricted to the personal use of liuyang17@qianxin.com.
Gartner, Inc. | G00815058
Page 2 of 15
Analysis
Introduction
The NDR product roadmap plans that provided revenue for the past three years will not
provide success for the next five. Many NDR vendors are struggling to balance three
priorities:
NDR product providers must focus their efforts on three specific product function priorities
to retain or gain competitive differentiation in an increasingly crowded market that suffers
from buyer fatigue and frustration.
Technology Description
NDR products detect abnormal system behaviors by applying behavioral analytics to
network traffic data. They continuously analyze raw network packets or traffic metadata
within internal networks (east-west) and between internal and external networks (north-
south). NDR products include automated responses, such as host containment or traffic
blocking, directly or through integration with other cybersecurity tools. NDR can be
delivered as a combination of hardware and software appliances for sensors, some with
IaaS support. Management and orchestration consoles can be software or SaaS.
Enhance the ability to effectively detect and respond to attacks by baselining
against attack frameworks such as MITRE, and focus the visibility of network
telemetry to include on-premises, multicloud and OT environments.
■
Increase the effectiveness of NDR products as a comprehensive threat detection and
response platform by evolving from network detection to address the wider attack
surface. Focus on identity and user behaviors and integrate with other security
detection tools to provide comprehensive visibility.
■
Reduce false positives and alert fatigue from their products
■
Expand across a hybrid environment beyond the enterprise (i.e., multicloud and
OT/IoT environments)
■
Enable integration with other security detection tools and support a zero-trust
ecosystem
■
This research note is restricted to the personal use of liuyang17@qianxin.com.
Gartner, Inc. | G00815058
Page 3 of 15
Organizations also rely on NDR to detect and contain postbreach activity such as
ransomware, insider risks or lateral movements. NDR complements other technologies
that trigger alerts primarily based on rules and signatures by building heuristic models of
normal network behavior and spotting anomalies.
The key components of NDR are shown in Figure 1.
Figure 1: NDR Core Features
NDR is commonly used as a complementary detection and response technology as part
of a broader arsenal of network security and security operations tools. These include
security orchestration, automation and response (SOAR), security information and event
management (SIEM), endpoint detection and response (EDR) and extended detection and
response (XDR) tools.
This research note is restricted to the personal use of liuyang17@qianxin.com.
剩余14页未读,继续阅读
资源评论
lurenjia404
- 粉丝: 5333
- 资源: 170
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 基于 Qt 的仓库管理系统详细文档+全部资料+高分项目.zip
- 基于 Qt 的系统字体管理器详细文档+全部资料+高分项目.zip
- 基于Qt 与 FluentUI 的操作系统实验应用详细文档+全部资料+高分项目.zip
- 基于Qt 的一个上位机 水产养殖自动控制系统详细文档+全部资料+高分项目.zip
- 基于QT,使用c++写的简单的学生管理系统详细文档+全部资料+高分项目.zip
- 基于QT、ARM开发板、Linux系统并对接百度AI的停车管理系统详细文档+全部资料+高分项目.zip
- 基于QT、sqlite数据库实现员工信息管理系统详细文档+全部资料+高分项目.zip
- 基于QT、MySQL开发的酒店管理系统(c++课设)详细文档+全部资料+高分项目.zip
- (176181450)利用Servlet实现的在线考试系统.zip
- kotlin库jar包资源
- 基于QT+MySQL+C++实现的机房管理系统详细文档+全部资料+高分项目.zip
- 基于QT+Mysql的医院预约管理系统详细文档+全部资料+高分项目.zip
- 基于Qt+MySQL的机房收费管理系统详细文档+全部资料+高分项目.zip
- 基于Qt-qvfb开发的电子点菜系统。详细文档+全部资料+高分项目.zip
- (176818240)基于Servlet+JSP+JavaBean的图书管理系统 .zip
- 基于QT+SQL数据库开发的教室管理系统详细文档+全部资料+高分项目.zip
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功