Adversaries can't evade the network: EDR solutions are not infallible to zero-day attacks, supply chain attacks, advanced persistent threats and nation-state actors. If an attacker disables or bypasses the EDR solution on an endpoint, that endpoint becomes blind to the attacker's actions. Virtually all attacks must cross a network and, in doing so, attackers create a trail of network evidence. While adversaries can certainly obfuscate their network activity via encryption or by imitating legitimate traffic, they cannot avoid leaving behind evidence of these connections.
Broader device coverage: EDR solutions can only monitor the endpoints on which they are deployed. Many EDRs are not designed to cover embedded devices or systems, IoT devices, Industrial Control Systems (ICS), Operational Technology (OT) and other unmanageable systems. That's where an NDR solution provides an additional layer of security for every device on the network, by monitoring traffic and potentially malicious activity involving unmanaged endpoints.
Passive asset discovery and inventory: Without a clear understanding of what's on your network, it is challenging to detect anomalies or unauthorised access. NDR's ability to observe all network activity, not just that of devices with EDR agents, gives security teams additional identification capabilities for devices, applications, services, certificates, hosts and more. This visibility helps identify devices unknown to their EDR and empowers defenders to map and secure their environment more effectively, based on real-time observation of the devices actually present rather than relying solely on presumed or expected data from an EDR, asset inventory or Configuration Management Database (CMDB).
Different detection capabilities: EDR primarily focuses on detecting and responding to threats on individual endpoints. It analyses endpoint content, configurations and behaviour, and can identify potential threats and vulnerabilities. NDR, on the other hand, monitors network traffic and analyses network content and behaviour, detecting potential threats that might not be fully visible at the endpoint level. This monitoring can detect lateral movement, command and control (C2) traffic, and other network-visible indicators of compromise.
Risk-based alert prioritisation: Most IT teams are unable to remediate every vulnerability, just as most
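The three NDR capabilities above (passive asset discovery of hosts the EDR/CMDB does not know about, detection of periodic C2-style beaconing, and detection of lateral-movement fan-out) can be illustrated on flow records. This is an added example, not code from the article or from any NDR vendor; the flow records, the EDR inventory and the thresholds are constructed, and the 10.0.0.0/8 "internal" test is an assumption.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed flow records (not real data): (timestamp_s, src_ip, dst_ip, dst_port)
FLOWS = [
    (0,   "10.0.1.5",  "203.0.113.9", 443),   # same external host every 60 s
    (60,  "10.0.1.5",  "203.0.113.9", 443),
    (120, "10.0.1.5",  "203.0.113.9", 443),
    (180, "10.0.1.5",  "203.0.113.9", 443),
    (181, "10.0.2.7",  "10.0.2.20",   445),   # one host sweeping SMB/RDP
    (182, "10.0.2.7",  "10.0.2.21",   445),
    (183, "10.0.2.7",  "10.0.2.22",   3389),
    (184, "10.0.2.7",  "10.0.2.23",   445),
    (200, "10.0.3.40", "10.0.1.5",    80),    # device with no EDR agent
]
# Hosts the EDR / CMDB claims to know about (constructed).
EDR_INVENTORY = {"10.0.1.5", "10.0.2.7", "10.0.2.20", "10.0.2.21", "10.0.2.22", "10.0.2.23"}

def is_internal(ip):
    return ip.startswith("10.")            # assumption: 10.0.0.0/8 is the internal range

def passive_inventory(flows):
    """Every host observed on the wire, mapped to the ports it was contacted on."""
    seen = defaultdict(set)
    for _, src, dst, port in flows:
        seen[src]                          # register the source even if it served nothing
        seen[dst].add(port)
    return seen

def unmanaged_hosts(flows, inventory):
    """Internal hosts observed on the network that the EDR/CMDB does not list."""
    return {h for h in passive_inventory(flows) if is_internal(h) and h not in inventory}

def beaconing_pairs(flows, min_flows=4, max_jitter_s=5):
    """Internal->external pairs whose connection intervals are near-constant (C2 beacon shape)."""
    times = defaultdict(list)
    for ts, src, dst, _ in flows:
        if is_internal(src) and not is_internal(dst):
            times[(src, dst)].append(ts)
    hits = set()
    for pair, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(ts) >= min_flows and pstdev(gaps) <= max_jitter_s:
            hits.add(pair)
    return hits

def lateral_fanout(flows, ports=(445, 3389, 5985), min_targets=3):
    """Internal hosts reaching many other internal hosts on admin/file-sharing ports."""
    targets = defaultdict(set)
    for _, src, dst, port in flows:
        if is_internal(src) and is_internal(dst) and port in ports:
            targets[src].add(dst)
    return {src for src, dsts in targets.items() if len(dsts) >= min_targets}
```

In practice the thresholds would be tuned per environment and the flow source would be a NetFlow/IPFIX or Zeek feed rather than an inline list.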
70 INTELLIGENTCIO EUROPE www.intelligentcio.com