Litcius/Paper detail

The problem with (most) network detection and response

Mike Campfield

2020Network Security11 citationsDOI

Abstract

There was once a time when real-time behavioural threat detection at the scale of modern corporate networks was a distant hope. Enterprises had to rely on security information and event management (SIEM) and endpoint detection and response (EDR) data to spot threats. While both categories could do part of the job, they were vulnerable to attacker countermeasures, and there was still a massive gap in network visibility. Real-time behavioural threat detection at the scale of modern corporate networks was once a distant hope. Now we have network detection and response (NDR) solutions – but not all are equally capable. Perhaps the most important issue is the static nature of many NDRs. Many NDR systems are more akin to intrusion detection and prevention systems, anchored to rules or signatures, sending out alerts based on simple pattern-matching. This is where machine learning can play a critical role, says Mike Campfield of ExtraHop.

Topics & Concepts

Computer scienceIntrusion detection systemComputer securityMatching (statistics)VisibilityIntrusionNetwork securityScale (ratio)Simple (philosophy)Data scienceGeologyQuantum mechanicsEpistemologyMathematicsOpticsStatisticsPhysicsGeochemistryPhilosophyNetwork Security and Intrusion Detection
The problem with (most) network detection and response | Litcius