Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Your 2021 Security Strategy:
NDR or XDR?
December 9, 2020
2020 brought with it a series of changes (with very little notice) and left even less time for planning. The proliferation of remote access and accelerated cloud adoption will only continue in 2021, but this time we’ll have a bit more time to prepare. It’s time to think critically about what’s working in your security strategy and what could stand to be improved. The addition of network detection and response (NDR) to your toolset may be the critical missing link.
There are a number of potential data sources for security. In an ideal world, you’d have a single, shimmering lake of information, with every tool looking at the same data. Unfortunately, that’s not the world we live in. Data isn’t water: it’s complex and abstract, existing in many different formats and languages.
Traditionally, security professionals have looked first at the data provided by endpoint and logging tools. Until recently it was impossible to process 100% of a network’s data – there was simply too much of it. Now with machine learning, and by using the vast computing power of the cloud, technology can drink from the data firehose for us and return actionable insights.
Because of technology advances, NDR can process and reveal insights into the large data sets generated by network traffic. You should consider reversing the traditional approach by looking at network data first and using that as the foundation of your security strategy. That’s where NDR comes in.
Network detection and response is one the fastest growing cybersecurity categories in the market today. NDR solutions complement and enhance the current capabilities of log aggregation and analysis tools (SIEM) and endpoint detection and response (EDR) products.
NDR solutions passively ingest and analyze Layer 2 to Layer 7 network data and monitor north-south and east-west traffic. This solution category generally applies advanced behavioral analytics and cloud-scale machine learning to rapidly detect, investigate and respond to threats that might otherwise remain hidden.
Network data is a foundational source of information. Maybe it’s tautological, but looking at the network can tell you what’s on your network. Being able to see every transaction that spans the network offers an understanding of your attack surface without needing an agent on every device. It offers a logical starting place from which to build.
For example, network traffic can potentially identify every device that’s connecting. That comprehensive inventory can be used to ensure that endpoint agents are deployed on every device that can support them (and that devices which can’t support agents are still monitored).
There are many cases where network visibility can expose the blind spots that other tools miss. Those traditional security tools also have gaps in their cloud coverage, and with cloud adoption rapidly accelerating, there’s a strong case for NDR as a central tenet of security.
We’re living in a hybrid and multi-cloud world. The complexity of these infrastructures makes seamless security coverage a real challenge.
By working with cloud providers to open up packets to security vendors, network detection and response has enabled the same comprehensive visibility in the cloud that it gives elsewhere. Higher-quality insights and fewer false positives can save time and prevent alert fatigue for chronically understaffed security professionals. Decisions can be made in real time and in context, based off of the most powerful, objective, complete source of data: the network.
That’s why network detection and response is one of the top-growing segments in security today.
A (very) simplified overview of extended detection and response (XDR) is that it ingests data from many different sources, applies machine learning for detections and puts it all into a single UI. That probably sounds appealing to most network pros. There’s certainly the potential to simplify workflows if the alternative is three or more separate UIs, although integrations can arguably offer similar benefits.
One challenge to the XDR model goes back to that non-uniform data lake. Machine learning requires a consistent and well-understood set of normalized data. Every security product has developed its own data models and each model is inherently distinct due to the way different products function. As such, no single ML model would work for another product’s data set.
Processing and drawing meaningful conclusions from endpoint data is a completely different kettle of fish than understanding network data. The question is: how likely is it that the vendor best at understanding logs is also going to be the best at analyzing the network?
Most XDR solutions come with the risk of vendor lock-in, preventing security teams from seeking out best-of-breed solutions for network, endpoint and logs. It risks limiting them to a single vendor’s options. Should you throw out your best-of-breed tools to go back to the UTM model of the early 2000s?
Network data should be a foundational component of your security strategy, and it’s worth considering pure-play network detection and response over a solution with some high-level network monitoring included in the mix. Looking for vendors with strong integrations and core competencies that align with their product portfolios can simplify your workflows faster than that all-in-one XDR dream.
November 16, 2020
While cloud APIs can streamline processes, they can also invite in new security risks. ExtraHop’s Matt Cauthorn offers best practices to stay secure.
October 29, 2017
The United States Department of Homeland Security identifies 16 critical infrastructure sectors whose assets, systems and networks—whether physical or....
October 13, 2020
This post examines the medical device vulnerability problem and offers tips to reduce risk, thereby protecting patients and business operations.
Let us know what you need, and we will have an Optiv professional contact you shortly.