09/27/2023 | Press release | Distributed by Public on 09/27/2023 09:19
The recent Forrester Network Analysis and Visibility (NAV) Wave Report discussed how improved network visibility and network detection and response (NDR) tools "complement and integrate with security analytics platforms; security orchestration, automation, and response (SOAR) solutions; and extended detection and response (XDR) tools to provide complete visibility and analytics to enable Zero Trust and facilitate response." NDR tools are an integral piece of a complete security operations program and critical to a proactive security posture.
Security teams turn to NDR tools to spot and identify attacker behavior across the MITRE ATT&CK lifecycle. By leveraging the power of artificial intelligence (AI) and machine learning (ML) to analyze network metadata, NDR solutions excel in detecting command and control, lateral movement and data exfiltration techniques and sub-techniques.
In the report, Forrester states that network analysis and visibility (NAV) and subsequently NDR tools are critical to establishing an effective zero-trust framework. NDR tools provide "visibility into all network traffic - north, south, east, and west…" that Forrester notes is another "key Zero Trust tenet." This visibility extends to inspecting payloads beyond contextual information contained in packet headers and providing deep packet inspection (DPI) to detect potential malicious payloads in a DNS request, for example.
Forrester notes several features that potential NDR customers should look for when evaluating NDR vendors:
With two flexible deployment options, FortiNDR for air-gapped environments and FortiNDR Cloud, Fortinet gives security teams the ability to detect, prioritize, investigate, hunt, and respond to attacks across the network.
FortiNDR Cloud is Fortinet's SaaS-based NDR offering. It leverages artificial intelligence (AI), machine learning (ML), behavioral, and human analysis to inspect network traffic. FortiNDR Cloud sensors are deployed throughout the customer's network to collect metadata, which is sent to the cloud for analysis. The service also provides each customer with dedicated technical success managers (TSMs) who act as trusted advisors, share findings, tune configurations, and help organizations optimize NDR deployments. With FortiNDR Cloud, metadata is retained for 365 days to enable retroactive hunting and analysis.