Next-Gen Network Detection & Response

Key takeaways of this article:

As future-proof NDR solutions rely on lightweight log data analysis instead of traffic mirroring:

  • no hardware is required
  • networks are not overloaded
  • fine-grained visibility at many collection points can be provided
  • native cloud logs can be easily integrated

This approach is superior to traditional NDR solutions because:

  • most traffic is encrypted anyway and cannot be analysed through the mirroring approach
  • the algorithms are specifically built for encrypted data
  • many collection points can be considered, which allows for very detailed visibility
  • additional log data can easily be integrated, which leads to a more thorough understanding of network activities

Why the Swiss Cyber Solution ExeonTrace Is Future-Proof by Design

The average cost of a data breach is a whopping €3.18 million (or $3.86 million at the time of writing this article). As the number of intruders on enterprise networks has increased dramatically, it’s now critical to detect and eliminate threats before any real damage is done.

This makes robust Network Detection and Response (NDR) vital to cyber security. This is also reaffirmed by increased demand from our partners and customers, and by extensive media coverage.

Traditionally, security experts first looked at the data generated from endpoints and logging tools. However, this method didn’t exactly work as there was simply too much data to process and a holistic view of the whole network was missing.

In response, Swiss cyber security company Exeon developed ExeonTrace, a future-proof smart NDR solution powered by award-winning AI algorithms.

But what’s the difference between traditional NDR and future-proof NDR?

Traditional NDR vs. Future-Proof NDR

All leading NDR tools help businesses identify and respond to potential threats on the network. At its most basic, the key difference is that traditional NDR tools rely on hardware-based mirroring of network data, while smart future-proof NDR solutions are based on a lightweight log-analysis approach without any need for additional hardware.

Traditional NDR

Traditional NDR solutions mirror the network data through hardware sensors. So, companies that take the conventional route must invest in the installation and maintenance of proprietary hardware sensors. This approach mirrors complete network packets using tapping or SPAN port infrastructure. The mirrored data is then analysed to detect potential threats.

In other words, you’ll have to include physical sensors and specialised hardware provided by the vendor to mirror network traffic. In addition to the effort needed, this also leads to vendor lock-in.

Furthermore, new decentralised network architectures are often not supported by traditional NDR tools. As a result, you also risk overloading your network while derailing technological evolution and overall competitiveness. 

The increasing encryption of network data also poses a challenge to traditional NDR solutions as they are not able to see inside the payload anymore. This means that hidden threats often go undetected.

Future-Proof NDR

In contrast, a future-proof NDR solution like ExeonTrace evolves with the threat level. As it’s a purely software-based solution, you don’t have to invest in proprietary hardware. 

Unlike traditional NDR solutions, ExeonTrace is powered by proven smart algorithms. It uses your existing infrastructure and a lean architecture to detect and respond to threats effectively. It’s also an approach that ensures comprehensive visibility in hybrid environments.

Instead of full network packets, lightweight log data (or metadata) exported from existing network devices are analysed. As such, there’s no need for mirroring or tapping (or purchasing proprietary hardware).

Key Benefits of Implementing a Future-Proof NDR Solution:

Smarter and Superior NDR

The results of our metadata-based approach are equivalent if not superior to full network packet-based analysis. This is because the traditional packet-based analysis can no longer extract information from the payload. After all, the traffic is encrypted. 

Threat Actors Have Nowhere to Hide

By integrating additional log data, such as proxy logs, AD logs, and so on, the approach based on log metadata is more advanced. These data sources also provide information about the contents of encrypted communications and ensure that potential threats have no place to hide within your network.

Next-Gen Network Detection & Response Future-Proofed to Grow with the Threat Level

Already overwhelmed security teams benefit from lightweight set-up and maintenance. Powerful AI and big data algorithms are prepared for increasing traffic and encryption, ensuring adequate support for enterprise security teams. Furthermore, you don’t have to buy new NDR tools as the threat evolves or when your infrastructure scales.

As cyber security threats grow exponentially and become more sophisticated, enterprises must go the extra mile to fortify their infrastructure in real time (and stay out of the headlines). As such, future-proof NDR now forms the foundation of robust cyber security strategies.

Author: Carola Hug, Chief Operating Officer

Email: carola.hug@exeon.com

Published on: 17.05.2021