Laura
13/03/2023
Managed NDR is network detection and response (NDR) combined with an outsourced SOC (Security Operations Center) monitoring and response layer.
The meaning of “managed” in managed NDR will vary from provider to provider. Some managed NDR services will remediate threats for you, while others will stop at alerting and assisting your internal IT team.
Similarly, the capabilities of the “NDR” part of managed NDR will also differ depending on who offers it. In general, NDR solutions monitor network traffic and can be configured to respond automatically to potential cybersecurity threats.
Why Managed NDR
Network visibility is a major challenge for most organisations.
Greater numbers of endpoints and servers accessed from diverse places and integrating cloud environments obscure network traffic and create blind spots. Security teams are struggling to turn the lights back on.
In a 2021 survey, just over a quarter (28%) of companies rated their network visibility as “high.” Most reported their network visibility as “cloudy” or “low.”
Self-managed solutions like security information and event management (SIEM) platforms and attempts to make networks more transparent by design are having little impact towards solving this problem. In a 2022 survey by IT analytics firm Enterprise Management Associates (EMA), only 34% of companies reported being “fully successful” with their network visibility architecture.
Many organisations have deployed NDR solutions to improve their network visibility. However, only some have the expertise or capacity to configure them correctly or respond to the alerts they create.
This need for better insight into network behaviour without any extra workload is making the concept of managed NDR attractive to a growing number of security teams.
The point of managed NDR is to magnify the capabilities of NDR by pairing them with a SOC-esque team outside the protected network.
In theory, managed NDR combines behaviour-based network monitoring and incident response with 24/7 365 network monitoring and response. It can also provide another layer of functionality for finding and remediating network threats.
Managed NDR vs NDR vs SenseOn
Network monitoring and response tools can help unlock visibility and cyber threat response capability.
Here is a quick rundown of NDR versus managed NDR versus SenseOn’s security platform.
NDR
One of the core advantages of NDR is that it can deliver profound insight into network behaviour and security incidents without needing agents or logs. When correctly configured, an NDR can give almost 100% visibility into what is happening across an organisation’s network.
Compared to SIEM solutions, NDR can deliver relatively context-rich alert information and take action automatically. For example, an NDR can be configured to instruct a firewall to cut off traffic from a suspicious source upon detection.
Because an NDR typically works by using behavioural analytics to analyse network traffic from a central point, it can deliver insights into what assets are connected to a company’s network without needing device-level implementation.
This means that an NDR can theoretically discover unknown assets on a company’s network and spot advanced threats or lateral movement attempts.
However, one disadvantage of NDR solutions is that they only analyse network traffic. NDRs do not natively take into account data from other parts of an organisation’s environment and are not a comprehensive security solution.
Plus, even though it is sometimes possible for NDR tools to instruct another solution layer, for example, an EDR, to take action, this is not a default capability. NDR solutions are often incompatible with other security solutions.
While NDR solutions have a use case, they will not make an organisation inherently more secure.
Disconnected from other network security tool integrations and workflows, NDRs can also be relatively inaccurate compared to human analysts or more comprehensive tools. False positives can still be a problem with many NDR solutions.
Managed NDR
Managed NDR is a cybersecurity solution offering that takes the information generated by an NDR solution deployed within an organisation’s environment and feeds it back to a SOC-esque team staffed by an NDR vendor.
When this team spots a likely threat, they will either take action to remediate it at the network level or instruct their client’s team on how to do so themselves.
Compared to a managed SOC, which will perform a wide range of security deployment, configuration and response tasks, a managed NDR offering serves a relatively limited purpose. Managed NDRs often focus entirely on threat detection and response within a company’s network environment.
As a result, managed NDRs can be an excellent solution for organisations that can perform most of their security tasks in-house but lack expertise in responding to threats within their network environment.
Managed NDR shares the same issues as unmanaged NDR. It is a solution set that only looks at a particular part of a company’s IT environment (i.e., the network) and cannot natively access information outside of this area.
SenseOn
SenseOn is another level of capability beyond NDR or managed NDR.
Through a single agent known as a Universal Sensor, SenseOn combines the network monitoring capabilities of NDR with the abilities of other security solutions such as endpoint detection and response (EDR), SIEM, and security orchestration, automation, and response (SOAR).
SenseOn can take network traffic information, combine it with logs from devices or servers and deliver context-rich alerts using its artificial intelligence.
Critically, SenseOn uses machine learning to learn the best course of action at every layer of an organisation’s environment natively.
If SenseOn sees suspicious traffic coming from an endpoint, it will not only isolate that endpoint from the rest of the network, but it will also shut it down and scan for malicious activity and evidence of malware or ransomware.
SenseOn will also correlate any network information it collects with metadata from across an organisation’s environment to deliver a data-rich “case” to human analysts.
Going Beyond Managed NDR with SenseOn’s Managed SOC
By collecting network telemetry in a consistent format, SenseOn avoids issues around data soiling and incompatibility that often occur when organisations deploy multiple solutions within their environment.
Plus, by automating detection and response and filtering out false positive alerts from real cyber attacks, SenseOn dramatically reduces human analyst workload. This joins the dots between network traffic and everything else that goes on within your environment.
SenseOn also offers managed SOC services to our customers, which further automates the threat detection and response process. With this service, SenseOn’s SOC experts will investigate security events in real-time and take action on your behalf.
To find out how SenseOn compares to managed NDR, try a demo or get in touch with our sales team.