Laura
05/05/2023
If you are wondering whether your firm needs network detection and response (NDR), ask yourself this question: How often did your team come into the office in the last week?
Probably more than they did last year, but almost certainly daily. This is what work now looks like for most people. And if this describes your organisation, you need an extra layer of defence inside your network perimeter.
To see why, just look at what has happened to the network perimeter itself.
The early days of widespread remote work were full of scary predictions about the impact it would have on network security. Many turned out to be true. Cyber threats increased by 81% while the likelihood of someone clicking on a phishing email soared.
Now, long after the COVID-19 pandemic made large-scale remote work common and employee preferences created the (mostly) hybrid normality we have to work around, the risks of having employees work remotely continue to grow. For example, recent research shows that about a third of remote and hybrid workers use software/apps that haven’t been approved by IT, many of which host vulnerabilities or are poorly configured.
Based on the above, remote work has broken the castle and moat model of cyber security. Can NDR fix things?
What Does NDR Do?
NDR is a solution to a core cybersecurity question faced by companies with remote and hybrid workforces: How do you protect a network from the inside out?
NDR answers this challenge by examining what’s happening within an organisation’s network traffic. If firewalls are designed to stop threats coming into networks, NDR is an advanced method of spotting the ones that, for whatever reason, make it through.
NDR solutions typically use some variation of machine learning technology to analyse traffic and find the hooks or behaviours that indicate something malicious is happening. This is the ND (Network Detection) in NDR.
The R (Response) part of NDR happens when a threat is detected. Once they spot malicious behaviour, NDR solutions alert security teams and can take independent action, such as isolating an endpoint from the rest of the network. Many NDR solutions use the MITRE ATT&CK framework to spot threats and decide what to do next.
Why Hybrid and Remote Work Needs NDR
Remote and hybrid work has turned the corporate network into something resembling a block of Emmental, i.e., full of holes. This sounds dramatic, but it’s a fairly accurate analogy of how porous a typical network now is.
Consider how many more remote endpoints, cloud instances, and SaaS tools are now connected to your network compared to the time before your company went remote. Then think about how many of these new network assets are properly configured, have access management controls in place, and are protected by security solutions that receive enough telemetry (all of the time) to spot threats in progress. For bonus scares, imagine how many network-connected assets you do not know about. According to Forrester, it could be up to 50% more than you think.
Hybrid working adds even more complexity to this playing field. Hybrid staff will connect to your office one day, their home network another, and some variation of coworking space/cafe/local library the next.
They will also bring personal devices and USB sticks (now facing a new wave of threats such as resurgent Raspberry Robin malware) into your on-premise environments with few controls. Odds are, your firm does not strip-search hybrid employees looking for malicious hardware. Thus hybrid work also gives insider threats more ways to enter your network and more room to manoeuvre once in.
All this means that threat actors have far more ways to get from endpoints to network assets than ever before. Even VPNs, though they do make networks safer, are another attack vector (44% of organisations witnessed an increase in exploits targeting VPNs last year).
That’s not to say that endpoint detection and response solutions are redundant. In fact, having a solution for protecting endpoints in place is more important than ever. Instead, the conclusion here should be that the security of a network perimeter can not be counted on. In no circumstance. Ever.
Instead, networks need another line of defence, and NDR has, in fact, never been more valuable.
SenseOn’s Remote-Friendly NDR solution
Remote workforces need solutions like NDR, but deploying NDR can be a highly challenging undertaking for any organisation. Plug-and-play effective NDR is not a given.
Even with careful and continuous calibration and security engineering, the volume of data that goes through NDR solutions means they can still overwhelm security teams with false positive alerts. They can also struggle to provide them with the kind of useful context needed to investigate and remediate threats.
SenseOn’s advanced NDR solves these challenges with a built-for remote and hybrid work NDR offering.
Schedule a demo to see how SenseOn works today.