The problem with (most) network detection and response
Mike Campfield
Abstract
There was once a time when real-time behavioural threat detection at the scale of modern corporate networks was a distant hope. Enterprises had to rely on security information and event management (SIEM) and endpoint detection and response (EDR) data to spot threats. While both categories could do part of the job, they were vulnerable to attacker countermeasures, and there was still a massive gap in network visibility. Real-time behavioural threat detection at the scale of modern corporate networks was once a distant hope. Now we have network detection and response (NDR) solutions – but not all are equally capable. Perhaps the most important issue is the static nature of many NDRs. Many NDR systems are more akin to intrusion detection and prevention systems, anchored to rules or signatures, sending out alerts based on simple pattern-matching. This is where machine learning can play a critical role, says Mike Campfield of ExtraHop.