As CISOs and their teams contemplate the security challenges likely to emerge during the coming 12 months, many are realising they need to improve their level of network visibility.
While endpoint detection and response (EDR) and security information and event management (SIEM) platforms provide valuable support in this area, they still leave critical gaps in coverage. For this reason, security teams are increasingly choosing to also deploy network detection and response (NDR) tools.
NDR delivers value by providing security teams with the ability to reveal cyber risks that they can’t get from other solutions. NDR also provide east-west traffic data that can be used to make extended detection and response (XDR), EDR, and SIEM tools work more efficiently and deliver greater value.
Zero trust pillars
At the same time, security teams must ensure that investments being made in security tools will contribute to future cybersecurity strategic plans. These plans are likely to include meeting government compliance mandates and establishing effective zero-trust security controls.
Both these objectives require security teams to have the ability to visualise their organisation’s entire constellation of endpoints. These range from servers in a data centre to mobile devices operating on the network edge.
When it comes to a zero-trust strategy, there are seven areas of focus that are recognised as being needed for success. Interestingly, visibility plays an ever-present role in each. The seven pillars are:
- Users: It is vital that security teams can see who is accessing the organisation’s network at all times.
- Devices: Visibility is also required of all devices that are connected to the network.
- Data: There is also a need to be able to view all the different types of data travelling across the network in both encrypted and unencrypted forms.
- Applications and workloads: Visibility also needs to extend to the various applications that are being used across the organisation.
- Network/Environment: Teams need to have a holistic picture of the organisation’s entire network architecture across all physical locations.
- Visibility/Analytics: Analytics tools are required to boost visibility and spot events that could indicate a security breach.
- Automation/Orchestration: Teams need to be able to establish a baseline of normal network activity and then use artificial intelligence (AI) tools to automate both the detection of suspicious deviations from normal networks and user behaviour and policy enforcement.
Zero trust challenges
As organisations continue to increase their usage of cloud-based resources and services, the traditional concept of a network perimeter is being eroded. For this reason, having the ability to monitor network traffic, especially within the east-west corridor, becomes even more critical.
Unfortunately, even the best network segmentation policies and endpoint detection systems cannot keep out every malicious activity. This is evident when it comes to protecting against malicious or compromised insiders who use their legitimate credentials to disrupt systems or exfiltrate data.
Security teams need to understand that it’s in the east-west traffic where they will identify post-attack activities such as reconnaissance, lateral movement, privilege escalation, and command and control communications. For this reason, if an organisation is serious about mitigating security risks, having clear visibility into east-west as well as north-south network traffic is critical.
NDR offers additional value by providing insight into what can’t be secured, what needs to be patched immediately, and what is well secured. Armed with this knowledge, CISOs and their teams are able to better communicate their organisation’s risk exposure to senior management and make informed decisions about their technology stack.
If it transpires that there are legacy applications that can’t be secured, this can be addressed immediately. Others that require patching can be prioritised based on the category of risk that they face.
For these reasons, it’s clear that NDR is a cornerstone of an effective zero-trust security strategy. By having clear visibility across an entire IT infrastructure, and zero trust measures in place, security teams can spot threats as they appear and take the steps necessary to thwart their progress.