Security teams whose organizations are outside the Fortune 500 are faced with a dilemma. Most teams will have to choose between deploying either a network traffic analysis (NTA) or network detection and response (NDR) tool or an endpoint detection and response (EDR) tool to supplement their existing stacks.
On the other hand, some organizations are getting the best of both options by switching to extended detection and response (XDR) tools which often provide all these tools in one solution.
This is the key takeaway of a new whitepaper by security provider Cynet (download it here).
NDR tools have become more popular, and for a good reason. They offer organizations a variety of benefits and can help further secure an environment from lateral movement attacks and further infiltration if an initial attack succeeds. NDR tools can detect a wide range of malicious activities and anomalous behaviors.
The question is whether the strengths of an NDR tool outweigh its limitations.
The pros and cons of NDR
NDR and Network analytics tools offer two major benefits for organizations: threat detection and operational impact.
Network analytics tools can help organizations detect and track a variety of anomalous behaviors and malicious actions that could indicate an attack, including:
- Malicious authentications through anomalous user actions
- Network-based reconnaissance activities
- Unusual login attempts that happen too close to each other, or that deviate from network behavior patterns.
Additionally, network analytics tools are unintrusive. They do not require endpoint installation and don't impact live network traffic. They can also be ideal for organizations where users are not expected to install agents.
On the other hand, network analytics tools fall short when it comes to protecting the individual endpoints in an environment. They aren't equipped to detect malicious file activity, process execution, and other indicators of endpoint compromise.
This limits their visibility and ability to protect against initial attacks. It also restricts their prevention capabilities. Instead, NDRs and other network analytics tools largely focus on detection and alerts. They also offer little in the way of remediation outside of network remediation.
How XDR bridges the gap
The solution XDRs offer to this dilemma is to consolidate a variety of both detection and response tools into a single platform. This means that on top of detection and alerts, XDRs can also automatically respond, investigate and remediate threats and attacks wherever in an environment they occur. XDRs can include a variety of tools including:
- User and Entity Behavior Analytics (UEBA)
- Deception tools
This removes the multiple panes of glass issue and lets organizations work with single panes. Instead of requiring a stack that integrated multiple siloed security tools, XDRs can offer a layered and natively integrated solution that can help detect threats and respond to them better.
You can learn more by downloading the whitepaper here.