With the increasing adoption of XDR (Extended Detection and Response), the architectural question arises as to how NDR (Network Detection and Response) and XDR work together.
Network detection and response tools have matured in customers’ architectures over the years. NDRs continuously monitor networks and the devices on them using telemetry collected from network devices, generated by endpoints, or gathered by purpose-built sensors. NDR uses this telemetry primarily to provide visibility into an environment of managed and unmanaged devices, then analyzes traffic patterns to detect abnormal behavior caused by potential threats such as data exfiltration, botnet activity, and others. Additionally, an NDR becomes the main repository of network telemetry for an analyst conducting threat hunting and forensic investigations.
On the other hand, XDR is an aggregation and correlation technology whose main goal is detecting incidents while simplifying and speeding up threat response. XDRs leverage a variety of integrations to correlate detections from different technologies and telemetry sources, painting the overall picture of an attack in a simplified, enriched and correlated manner, making it much easier for a SOC analyst to draw conclusions and respond. Compared with working through individual point-product consoles, this lets you stop an attack and respond to threats in minutes instead of hours or days.
Cisco Secure Network Analytics (Cisco NDR) with the modernized data store architecture provides:
- The fastest and largest scaling NDR on the market that provides the best user experience with traffic analysis from various forms of network telemetry, including traffic flows, firewall logs, and endpoint visibility data via Cisco Secure Client’s Network Visibility Module.
- Latest detection models: Secure Network Analytics provides next-generation converged analytics capability to automatically assign device roles based on behavior and detect threats using improved detection techniques.
Extending Secure Network Analytics through integration with Cisco XDR takes these capabilities to the next level by:
- Correlation with other technologies: XDR correlates NDR, EDR, email detections, threat intelligence, and many other Cisco and third-party technologies, extending NDR beyond the boundaries of network detection.
- Expand the response ecosystem: With the built-in and customizable incident response capabilities in Cisco
- Discovery statement: Secure Network Analytics’ detections are based on behavioral and machine learning detection techniques, which are advanced techniques that can detect slow and hidden threats. When combined with Cisco XDR, these detections are confirmed by correlation with detections from other technologies to form an end-to-end incident that explains threat activity across multiple threat vectors.
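To make the two roles concrete, here is an added illustration (written for this article, not Cisco code, and unrelated to how Secure Network Analytics or Cisco XDR are implemented). It models the NDR side described earlier as a behavioral check on flow telemetry (outbound bytes per host per hour against a per-host baseline) and the XDR side as correlation of detections from several technologies (NDR, EDR, email) into one incident per host within a time window. The flow records, baselines, host names, other-source detections, the 10x threshold and the two-hour window are all constructed assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Detection:
    source: str        # technology that produced it: "ndr", "edr" or "email"
    host: str          # asset the detection concerns; used as the correlation key
    time: datetime
    summary: str


@dataclass
class Incident:
    host: str
    start: datetime
    end: datetime
    detections: list = field(default_factory=list)

    @property
    def sources(self):
        return sorted({d.source for d in self.detections})


def ndr_detect_exfil(flows, baseline, factor=10.0):
    """NDR-style behavioral check on flow telemetry (toy version).

    flows:    iterable of (timestamp, src_host, dst_ip, bytes_out) records.
    baseline: dict host -> typical outbound bytes per hour (learned elsewhere).
    A host whose outbound volume in one hour exceeds factor * baseline raises a
    detection; hosts with no baseline are skipped rather than guessed at.
    """
    hourly = defaultdict(int)
    for ts, host, _dst, nbytes in flows:
        hourly[(host, ts.replace(minute=0, second=0, microsecond=0))] += nbytes
    found = []
    for (host, hour), total in sorted(hourly.items()):
        typical = baseline.get(host)
        if typical and total > factor * typical:
            found.append(Detection("ndr", host, hour,
                                   f"outbound {total} B vs baseline {typical} B/h"))
    return found


def xdr_correlate(detections, window=timedelta(hours=2), min_sources=2):
    """XDR-style correlation: group by host, chain detections that fall within
    `window` of the previous one, and promote a chain to an incident only when
    at least `min_sources` distinct technologies contributed to it. A chain seen
    by a single source stays an alert and is not returned.
    """
    by_host = defaultdict(list)
    for d in detections:
        by_host[d.host].append(d)
    incidents = []
    for host, ds in by_host.items():
        ds.sort(key=lambda d: d.time)
        chains, cur = [], None
        for d in ds:
            if cur is not None and d.time - cur.end <= window:
                cur.detections.append(d)
                cur.end = d.time
            else:
                cur = Incident(host, d.time, d.time, [d])
                chains.append(cur)
        incidents.extend(c for c in chains if len(c.sources) >= min_sources)
    return sorted(incidents, key=lambda i: i.start)


# Constructed sample telemetry for the example; not real customer data.
T = datetime(2024, 5, 1)
BASELINE = {"ws-17": 5_000_000, "ws-03": 5_000_000}          # bytes per hour
SAMPLE_FLOWS = [
    (T.replace(hour=23, minute=5),  "ws-17", "203.0.113.9",  30_000_000),
    (T.replace(hour=23, minute=20), "ws-17", "203.0.113.9",  50_000_000),
    (T.replace(hour=23, minute=30), "ws-03", "198.51.100.4",  2_000_000),  # normal
]
OTHER_DETECTIONS = [
    Detection("email", "ws-17", T.replace(hour=21, minute=50), "attachment from phishing campaign opened"),
    Detection("edr",   "ws-17", T.replace(hour=22, minute=30), "encoded PowerShell spawned by winword.exe"),
    Detection("edr",   "ws-09", T.replace(hour=10, minute=0),  "unsigned driver load"),  # lone alert
]


def run_example():
    """Feed NDR detections plus other-source detections into the correlator."""
    detections = ndr_detect_exfil(SAMPLE_FLOWS, BASELINE) + OTHER_DETECTIONS
    return xdr_correlate(detections)


if __name__ == "__main__":
    for inc in run_example():
        print(f"{inc.host}: {inc.start:%H:%M}-{inc.end:%H:%M} sources={inc.sources}")
        for d in inc.detections:
            print(f"  [{d.source}] {d.time:%H:%M} {d.summary}")
```

On this input the NDR stage flags only ws-17 (80 MB in the 23:00 hour against a 5 MB/h baseline), and the correlation stage joins that with the earlier email and EDR detections on the same host into a single incident covering phishing, execution and exfiltration; the lone EDR alert on ws-09 is left as an alert because no second technology corroborates it. A real XDR also pivots on users, IPs and file hashes rather than host name alone, and a real NDR baselines far more than hourly byte counts, but the division of labor is the same.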
The bottom line is that Secure Network Analytics and Cisco XDR complement each other. Secure Network Analytics detections and telemetry are one data feed into XDR; XDR combines that feed with data from multiple other technologies to identify incidents, and it does not need its own network-based detection or visibility because NDR delivers those. Which solution to implement depends on your specific needs and requirements. If you want to improve network visibility and network discovery, NDR provides that. If your main goal is to improve threat response and gain a comprehensive view of incidents, use XDR.
We’d love to hear what you think. Ask a question below, comment, and stay connected to Cisco Secure on social media!