Tuesday, February 7, 2023

7 Network Detection and Response (NDR) Case Studies

Cybersecurity can be challenging as networks grow increasingly complex and demand for IT talent rises. Amid these trends, automated network detection and response (NDR) solutions are some of the best tools companies have at their disposal.

NDR platforms scan networks for unusual activity to find and respond to potential threats. These early warnings help prevent and mitigate cyberattacks, even when companies don’t have enough IT staff to continually monitor their systems. Here’s a closer look at how several organizations in different industries use NDR tools to stay secure:

7 NDR case studies

  1. Coca-Cola Bottlers Management Service
  2. City of Las Vegas
  3. Narvar
  4. Asante Health
  5. American University
  6. Lake Trust Credit Union
  7. Rackspace

1. Coca-Cola Bottlers Management Service

Coca-Cola’s China-based bottling plant SCMC has considerable network needs. As it implements more Industry 4.0 technologies, the need for fast-acting, effective security becomes increasingly clear.

SCMC turned to Sangfor Technologies for managed security services for help monitoring this network. Automated threat hunting, where artificial intelligence (AI) algorithms scan for potential breaches, is an integral part of that system. The plant uses this technology to continuously look for attack attempts on their Internet of Things (IoT) devices without needing a larger in-house security workforce.

One of the leading benefits of security automation is how it reduces IT workloads. That was a crucial advantage for SCMC, which recognized it is most vulnerable around the holidays, when IT staff may not be in the office. That window is no longer an unmonitored gap now that network detection and response is automated.

SCMC’s solution also monitors for non-compliance with company standards. This helps streamline regulatory compliance and find cases of employee misuse, addressing vulnerabilities from human error or malicious insiders.

Industry: Manufacturing

Network detection and response offering: Sangfor Technologies Managed Security Service

Outcomes:

  • Provided 24/7 network monitoring
  • Accelerated threat responses to under half an hour
  • Reduced security vulnerabilities around holidays

2. City of Las Vegas

The growing smart city movement means governments are implementing IoT connectivity throughout urban areas, making cybersecurity a matter of public safety. Las Vegas joined this trend and uses network detection and response technologies to keep that infrastructure safe.

Las Vegas is home to automated public shuttles, IoT-connected security cameras, connected traffic systems, and more smart city infrastructure. These systems make life more convenient for citizens and visitors but introduce new security challenges. With so much connectivity, one cyberattack could cause widespread damage.

The city uses self-learning AI threat detection to protect this infrastructure. The solution teaches itself how each device and city employee typically behaves, making it easier to spot unusual network activity.

Instead of matching traffic against predefined threat definitions, the system learns the city’s typical networking footprint and treats anything outside those boundaries as suspicious. As a result, it can detect and isolate attacks from both known and novel malware strains. Since its implementation, it has already stopped a spear phishing attack that might have bypassed traditional security controls.

Industry: Government

Network detection and response product: Darktrace

Outcomes:

  • Enabled autonomous responses to novel threats
  • Shortened response time to a matter of seconds
  • Allowed further smart city growth

3. Narvar

Customer experience (CX) platform Narvar helps online businesses build order management and tracking systems to meet shoppers’ needs. With more than 7 billion interactions annually, managing these systems carries significant cybersecurity requirements.

“We realized we needed to deploy a security solution that can scale with our operations without creating any disruptions or delays,” says Ram Ravichandran, CTO, Narvar.

The answer was an NDR system from Blue Hexagon. This solution uses deep learning (DL) to inspect transactions in near real time and detect threats, including zero-day exploits.

The NDR solution scans traffic flows in under a second on average. This ensures Narvar’s clients can offer seamless e-commerce experiences to their customers without jeopardizing security. Because the solution is also cloud-native, it scales across the company’s multiple availability zones as quickly as needed.

Similarly, the NDR system scales automatically with peak traffic during the holiday season. This ensures a boom in server requests doesn’t endanger Narvar’s clients’ security.

Industry: E-commerce

Network detection and response product: Blue Hexagon

Outcomes:

  • Near real-time threat detection
  • Protection from zero-day exploits
  • Near zero downtime scalability across multiple availability zones

4. Asante Health

Hospitals store vast amounts of sensitive data, and the U.S. medical system is already one of the most expensive globally, making the costs of any breaches severe.

Asante Health, a health care provider with more than 200,000 customers, understands these risks well. In 2021, one of its partners fell victim to a ransomware attack that left that partner offline for 30 days. Asante turned to a network detection and response solution from ExtraHop soon after to prevent a similar event in the future.

Like other leading NDR solutions, this system uses machine learning (ML) to determine a baseline for normal network behavior. The longer it’s in use, the better it gets at eliminating false positives while improving response to actual threats. This automation lets Asante see their increasingly complex network without a larger IT workforce.

Decrypting SSL/TLS traffic lets the NDR platform inspect encrypted flows that conventional tools cannot see into, giving users a view of everything happening on the network. This increased visibility helped the organization find and address a substantial SQL vulnerability before cybercriminals could capitalize on it.

Industry: Health care

Network detection and response product: ExtraHop Reveal(x)

Outcomes:

  • Improved network visibility
  • Boosted detection accuracy
  • Found and addressed a significant SQL vulnerability before it was exploited

5. American University

Education deals with considerable amounts of personally identifiable information (PII). Higher learning institutions, like American University, must protect thousands of sensitive records while ensuring cloud systems work efficiently.

American University manages roughly 60,000 users across 20,000 devices and 700 servers. The institution uses NDR automation to monitor their complex network.

“Intrusion detection requires a security analyst to sift through volumes of signature hits. … We really needed a better, faster way to drink data from the security fire hose,” says Eric Weakland, director of information security, American University.

The university’s new system automates attack detection and response through AI. This solution also prioritizes tasks automatically, determining which events deserve the most attention and assigning them to IT staff accordingly. That prioritization enables faster responses to the most pressing issues.

Over time, the system also recognizes attack patterns, suggesting broader security changes to improve protection. The university can use this insight to ensure they stay secure as their network grows and adapts.

Industry: Higher education

Network detection and response product: Vectra Cognito NDR

Outcomes:

  • Reduced response times by 20%
  • Gave IT teams more time to focus on critical issues
  • Improved visibility across the attack life cycle

6. Lake Trust Credit Union

Lake Trust Credit Union, one of the largest credit unions in the U.S., manages $1.8 billion in assets across 22 branches with more than 175,000 members.

Demand for digital banking means Lake Trust must protect an ever-increasing network of devices nationwide. Consequently, its security tools must be fast-acting and flexible, catching as many threats as possible across various data centers, endpoints, and departments. NDR was the natural solution.

Lake Trust’s NDR system collects and analyzes data in-house, without relying on third-party services, reducing IT sprawl and improving security. It then builds behavioral models for each device and user to spot unusual behavior, regardless of where in the network it occurs. Because it temporarily stores network telemetry, it can also help pinpoint where these threats arise, informing bigger security improvements.
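The per-device behavioral baselining described here, in the Las Vegas section, and in the Asante section can be sketched in a few lines. The following is an added illustration, not any vendor’s code; the flow records, device names, field layout and 3-sigma threshold are all constructed for the example.

```python
"""Per-device behavioral baseline over constructed flow records.
Added illustration of the baselining idea in the Darktrace, ExtraHop and
Lake Trust sections; not any vendor's code. All records and thresholds are
constructed/assumed for this example."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (device, dst_port, bytes_out). A real NDR sensor
# would derive these from SPAN/TAP capture or flow exports.
BASELINE_FLOWS = [
    ("cam-07", 443, 1200), ("cam-07", 443, 1350), ("cam-07", 443, 1100),
    ("cam-07", 443, 1280), ("cam-07", 123, 76), ("cam-07", 123, 76),
    ("hr-laptop", 443, 52000), ("hr-laptop", 443, 48000),
    ("hr-laptop", 445, 9000), ("hr-laptop", 445, 8700), ("hr-laptop", 443, 50100),
]

def build_baseline(flows):
    """Learn, per device, the ports it normally talks to and the mean and
    standard deviation of its outbound bytes per flow."""
    ports = defaultdict(set)
    sizes = defaultdict(list)
    for device, port, nbytes in flows:
        ports[device].add(port)
        sizes[device].append(nbytes)
    return {dev: {"ports": ports[dev], "mean": mean(sizes[dev]),
                  "std": pstdev(sizes[dev])} for dev in ports}

def score_flow(baseline, device, port, nbytes, z_limit=3.0):
    """Return the reasons a flow deviates from its device's learned baseline;
    an empty list means it looks normal. Devices never seen are flagged too."""
    profile = baseline.get(device)
    if profile is None:
        return ["unknown device"]
    reasons = []
    if port not in profile["ports"]:
        reasons.append(f"new destination port {port}")
    std = profile["std"] or 1.0  # guard against zero variance
    z = (nbytes - profile["mean"]) / std
    if z > z_limit:
        reasons.append(f"outbound volume {nbytes}B is {z:.1f} sigma above baseline")
    return reasons

if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    # Three constructed new flows: routine, new service, and a large upload
    for flow in [("cam-07", 443, 1250), ("cam-07", 22, 900), ("cam-07", 443, 250000)]:
        print(flow, score_flow(base, *flow) or "normal")
```

A camera that suddenly talks on a new port or ships far more data than usual is flagged without any signature for the specific attack, which is the property the case studies credit for catching novel threats.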

This NDR solution also checks the network for regulatory compliance, highlighting anything that may land the credit union in legal trouble. IT teams can then implement any necessary fixes to comply with increasing data privacy regulations.

Industry: Banking

Network detection and response product: Cisco Secure Network Analytics

Outcomes:

  • Improved threat visibility across remote endpoints
  • Streamlined regulatory compliance
  • Accelerated threat response despite a small security team

7. Rackspace

Rackspace is an IT service provider, offering managed cloud services to two-thirds of the Fortune 100 and more than 300,000 customers.

Originally, Rackspace responded to threats as they arose, but they soon found this approach was insufficient. The company needed a more proactive approach as cybercrime and security workloads grew. Automated network detection and response tools paved the way for that change.

Rackspace’s NDR solution classifies all network traffic in real time, providing rapid and context-rich analysis of any security issues. These insights let teams see the larger trends that lead to vulnerabilities in addition to responding to threats faster. As they gather more of this information, they can adapt their defenses and hunt for threats proactively.

This automation and information let Rackspace’s security workers spend less time responding and more time hunting. As a result, they can prevent more breaches and become better at stopping threats over time.

Industry: IT services

Network detection and response product: Symantec Security Analytics

Outcomes:

  • Shortened response time frames from hours to minutes
  • Improved network visibility
  • Enabled proactive threat hunting
