Alessandra Peters

20/08/2022

Why People Have Stopped Using NDRs

Whilst Network Detection and Response (NDR) tools have proved valuable in the past, enterprises with evolving architectures are increasingly replacing them with modern tools, like SenseOn. Here are the top five reasons why people are getting rid of their NDRs.

1. NDRs don’t support modern architecture.

Especially in a post-COVID landscape, traditional NDRs are no longer fit for purpose. Firstly, organisations are rapidly adopting cloud-based tools and infrastructure, which NDRs do not support. Secondly, as a result of remote working, corporate assets are less reliant upon traditional network controls, which makes NDRs less effective. Thirdly, the move to zero trust policies forces users off VPN, creating new paths to corporate data that NDRs do not pick up. Finally, increasingly complex networks mean that businesses are no longer reliant upon a single network core, which also decreases the efficacy of NDRs.

2. NDRs struggle to operate in ‘grey space’ 

NDRs have crucial gaps in their detection abilities, which creates a need for additional detection tools to identify attackers operating in the ‘grey space’ that NDRs struggle to pick up. For example, an NDR will not flag a threat when adversaries ‘live off the land’, that is, when threat actors use tools and access already in place for legitimate purposes and hide in the gaps between other security tools. NDRs are also prone to missing some types of malicious network activity, for example connectivity inside subnets or off the network.

3. NDRs are too noisy

NDRs tend to be extremely noisy, with high levels of false positive alerts. They rely heavily on AI anomaly detection, which is often low in accuracy, especially when deployed in complex, distributed and noisy networks. Common false positive security alerts include first-time connections to Wi-Fi printers and non-FTEs connected to the network.

4. NDRs have a high barrier to entry to make them functional

NDRs typically depend heavily on scarce and expensive security engineering resources. This is because they require large amounts of writing, fine-tuning and maintenance of, for example, detection rules, false positive omissions and data integrations (in and out). It also creates a burden of repetitive work: rebuilding and tuning rules after each roll-out expansion, in addition to dealing with updates to systems in the estate.

5. NDRs & their upkeep aren’t showing enough value 

Overall, NDRs aren’t providing users with the value that they deserve. In contrast, SenseOn can offer much broader value by combining the capabilities of EDR, NDR, SOAR, SIEM and AV into a single platform. 
