Not the Final Answer on NDR in the Cloud …

Back in my analyst years, I rather liked the concept of NDR or Network Detection and Response. And, despite having invented the acronym EDR, I was raised on NSM and tcpdump way before that. Hence, even though we may still live in an endpoint security era, the need for network data analysis has not vanished.

As we discussed during this recent webinar, this is not about competing with endpoint or endlessly arguing about what security telemetry is “better.” This is about reminding the security leaders and technologists that network telemetry matters today! Not only in the 1980s (when tcpdump was born), 1990s, 2000s, 2010s, but today in the 2020s.

To summarize, network security monitoring still matters because you can monitor unmanaged devices (BYOD, IoT, ICS, etc.), detect threats with no agents, offer broad coverage from a few points, and be out of band (go and see my old Gartner paper for details).

Still, I see a few common misconceptions (more details here in this webinar) about network security telemetry data. I wanted to cover a few and then focus on ONE, in particular.

  • You cannot monitor encrypted data: as I discussed here, encryption for sure saps some of the value of network security monitoring, but it does not destroy it. Both layer 3 (flow) and layer 7 (rich metadata) observation have value for encrypted data whereas full packet capture perhaps does not.
  • Network monitoring is only an auxiliary control, you need endpoint first: Well, OK, maybe, but so what? You may need an endpoint first; I’ve seen enough environments where it’s the truth.
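To make the first point concrete, here is an added example (not code from the original post) of detection that uses only layer 3/4 flow metadata, so it works unchanged on TLS traffic whose payload is never decrypted: it flags peers that are contacted at near-constant intervals with near-constant byte counts, a classic beaconing pattern. The flow records, hosts and thresholds are constructed for the example.

```python
"""Beaconing detection on flow records (layer 3/4 metadata only).

Constructed example: no payload is inspected, so it applies to encrypted
(e.g. TLS on port 443) traffic just as well as to cleartext.
"""
from collections import defaultdict
from statistics import pstdev

# Constructed flow records: (epoch seconds, src, dst, dst_port, bytes_out).
# 10.0.0.5 contacts 203.0.113.9:443 roughly every 60 s with identical tiny
# uploads; 10.0.0.7 talks to a CDN with irregular timing and sizes.
BEACON_TIMES = [0, 61, 119, 181, 240, 302, 358, 420, 481, 540]
FLOWS = [(t, "10.0.0.5", "203.0.113.9", 443, 612) for t in BEACON_TIMES] + [
    (5, "10.0.0.7", "198.51.100.20", 443, 4112),
    (9, "10.0.0.7", "198.51.100.20", 443, 91300),
    (140, "10.0.0.7", "198.51.100.20", 443, 2210),
    (151, "10.0.0.7", "198.51.100.20", 443, 15880),
    (400, "10.0.0.7", "198.51.100.20", 443, 700),
    (402, "10.0.0.7", "198.51.100.20", 443, 34000),
]


def find_beacons(flows, min_flows=5, max_jitter=0.2, max_size_cv=0.2):
    """Return [((src, dst, port), mean_gap_seconds, flow_count), ...] for
    peers whose flows recur at near-constant intervals with near-constant
    sizes. Jitter is the coefficient of variation (stdev/mean) of the gaps
    between consecutive flows; size_cv is the same for byte counts.
    Thresholds are constructed defaults and should be tuned per network."""
    by_peer = defaultdict(list)
    for ts, src, dst, port, size in flows:
        by_peer[(src, dst, port)].append((ts, size))
    hits = []
    for peer, recs in by_peer.items():
        if len(recs) < min_flows:
            continue
        recs.sort()
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        sizes = [s for _, s in recs]
        mean_gap = sum(gaps) / len(gaps)
        mean_size = sum(sizes) / len(sizes)
        jitter = pstdev(gaps) / mean_gap if mean_gap else 1.0
        size_cv = pstdev(sizes) / mean_size if mean_size else 1.0
        if jitter <= max_jitter and size_cv <= max_size_cv:
            hits.append((peer, round(mean_gap, 1), len(recs)))
    return hits


if __name__ == "__main__":
    for (src, dst, port), period, n in find_beacons(FLOWS):
        print(f"{src} -> {dst}:{port} every ~{period}s over {n} flows")
```

The same routine runs over exported NetFlow/IPFIX or Zeek conn records once they are mapped to the five-tuple above; adding layer 7 metadata such as SNI or JA3 as part of the peer key sharpens it further without touching the payload.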

    […]