Evolution of network-based security favoring network detection and response

Cybersecurity threats have evolved to evade many of the basic building blocks of network-based security systems. We believe newer network detection and response (NDR) solutions will increasingly address these new threats and grow to become another major building block of network-based security systems.

Increased computing power that enables cost-effective network monitoring at scale, as well as advances in machine learning and artificial intelligence, have made NDR a powerful and accessible cybersecurity tool.

In this report, we provide a high-level overview of how NDR systems work and why they are needed. We also discuss key areas where NDR systems differentiate themselves, such as in decryption capabilities, and profile four key NDR solution providers.

The building blocks of effective network-based security systems continue to evolve. Firewalls and endpoint detection systems (including newer endpoint detection and response systems), which monitor and stop malicious behavior at networks’ perimeters and endpoints, have been two of the most basic elements of network-based security systems. However, some threats have adapted to evade these protections, so network-based security systems evolved to include intrusion detection systems (IDSs) and network security monitoring (NSM) solutions to monitor and act on malicious data as it moves within networks. These newer solutions have also seen widespread adoption, but the growing number of successful cyberattacks and dozens of additional cybersecurity subcategories have shown organizations need still more robust and complementary solutions.