Network Detection and Response (NDR) is the last line of defense for securing business asset traffic in the cloud. This topic describes common use cases for NDR.
Major event support and threat tracing
Challenges
During major events, network security is especially important. Attackers may use these periods to launch advanced attacks, such as Advanced Persistent Threats (APTs), attacks that exploit zero-day vulnerabilities, and stealth attacks, to disrupt normal operations or steal sensitive information. In these highly adversarial situations, security operations personnel must not only detect alerts but also trace attacks by analyzing the attack traffic: reconstructing the attacker's paths and methods so that targeted, effective defenses can be put in place proactively. However, most perimeter protection devices only raise alerts for events and do not store the raw attack traffic. Security operations personnel therefore lack the raw traffic needed for attack forensics and cannot investigate unusual traffic, which leaves a major security gap.
Solution
NDR uses threat analysis and multiple detection engines to detect a wide range of threats. When an alert is generated, NDR saves the packets of the attack event together with the raw traffic from before and after the attack. With this data, security teams can perform attack forensics: understand the attacker's techniques, identify the intrusion path, and confirm the attacker's identity and goals. The data also provides strong evidence if legal action is needed. Because only the traffic around an alert is retained rather than all traffic, the solution meets tracing requirements without incurring high storage fees.
Asset risk assessment and sensitive data leak detection
Challenges
Customers in industries such as finance and healthcare often handle large amounts of sensitive, high-value data. Attackers try to steal this data for illegal profit or for use in commercial competition. Risks such as unauthorized open ports, exposed sensitive data, and weak passwords on assets give attackers an easy way in. A data leak can cause enormous financial losses and reputational damage to the company.
Solution
To protect company assets and data, you must first identify which assets are at risk. The asset and risk management capabilities of NDR automatically identify the types of assets and services in your cloud environment. NDR quickly discovers issues such as unauthorized open ports, logons with weak passwords, and exposed sensitive data. This helps you identify high-risk assets and annotate interfaces that transmit sensitive data.
Strictly regulated log compliance and traffic audit
Challenges
Customers in some industries have strict requirements for log audits. Their on-premises business logs are centrally managed on self-built Security Information and Event Management (SIEM) and Security Operations Center (SOC) platforms, but they lack an effective way to perform comprehensive threat analysis of all traffic in the cloud. They face problems such as incomplete Layer 7 bidirectional logs and complex retrieval and delivery operations. They need to perform comprehensive network traffic analysis and audit access behavior for cloud assets.
Solution
NDR inspects all bidirectional traffic in the cloud. You can use its protocol log retrieval, filtering, and delivery capabilities to generate comprehensive log information, and analyze and retrieve that information visually in the NDR console. NDR can also deliver custom protocol types and specific fields to on-premises platforms, such as a SIEM, for centralized auditing.