Posts

Showing posts from November, 2021

Why Network Detection and Response (NDR)? See the Entire Elephant in the Room

Network detection and response (NDR) has a long history, evolving out of network security and network traffic analysis (NTA). The historical definition of network security is to use a perimeter firewall and Intrusion Prevention System (IPS) to screen traffic coming into the network, but as IT technology and security technology have evolved due to modern attacks leveraging more complex approaches, the definition is much broader now. Today, network security is everything a company does to ensure the security of its networks, and everything connected to them. This includes the network, the cloud (or clouds), endpoints, servers, users and applications. Traffic from all of these systems must pass over the network, so the network is the logical source of true information about security exploits. Analyzing endpoint data and security tool logs is not enough to thwart today’s a...

Ransomware is the Tip of the Iceberg—Can Open XDR / XDR avoid you becoming the Titanic?

Ransomware attacks are occurring at an increasingly staggering pace. The tactics for deploying it are evolving at an equally rapid pace. Ransomware-as-a-service providers on the dark web are using ML to create zero-day strains, and traditional security technologies are struggling to keep up. What if the ransomware attack was only a diversion from the attacker’s real goal? Most attackers establish a foothold within an environment and do a significant amount of reconnaissance before making their move. They can be pervasive in your environment for weeks or months before they deploy a ransomware attack. This has been corroborated by annual threat reports from just about everyone for the last several years. What if the goal was not the ransom but instead your intellectual property? One of our partners was working with a new customer on an IR engagement. They had not purchased any managed services from the MSSP partner ...

SIEM, XDR, and the Evolution of Cybersecurity Infrastructure

Security Event and Information Management platforms (SIEMs) collect data from security logs and in doing so are supposed to identify blind spots, reduce noise and alert fatigue, and simplify detection and response to complex cyberattacks. However, SIEMs have not lived up to these promises. Now, the new idea is XDR – what are its advantages, and should it coexist with or replace a SIEM? This paper explores the current cybersecurity landscape, how SIEM fits into that landscape, and how XDR platforms can significantly improve security incident visibility, analysis and response.

The Security Landscape

The most obvious thing about today’s security landscape is that threats are on the rise: According to Accenture, 68 percent of business leaders felt their cybersecurity risks were increasing in 2020. Risk Based reported that data breaches exposed 36 billion records during the first half of 2020. Proofpoint...