Networks are everywhere. They encompass every phone, tablet, laptop, PC, server, router, and switch. They extend along fiber and ethernet lines as well as satellite and Wi-Fi. Increasingly, network connectivity is part of everyday objects such as cars, appliances, and other gadgets. Danger can lurk anywhere. All it takes is one piece of sloppy security or a hacked system or even an unsecured sensor and cybercriminals are free to conduct all kinds of nefarious deeds. Network detection and response tools are there to deal with these threats.
Here are some of the top trends in network detection and response:
1. Tool consolidation
As companies continue to adopt Secure Access Service Edge (SASE) platforms, the need for today's point solutions dedicated to network detection and response is declining. SASE platforms sit inline in the middle of the network connection, so they do not require the complexity seen in some current point offerings.
“Instead, critical network data is developed natively as part of the SASE/SSE platform and shipped off to large data lakes which are mined with ML and AIOps tooling,” said John Spiegel, Director of Strategy, Field CTO and Co-Host of the SSE Forum, Axis Security. “The deep analytic insights created can be leveraged for security forensics and critical digital experience information enabling both the Security Operations Center (SOC) and Network Operations Center (NOC) teams to understand security risks and applications performance metrics from a unified platform.”
2. API security
The application programming interface (API) is becoming the de facto method to integrate heterogeneous software. It is also the glue that connects different software components that form a web application. However, threats to APIs are poorly understood, in part because API security frameworks are still evolving rapidly. Also, discovering the total number of external and internal APIs in an organization is far from easy.
Managed detection and response (MDR) solutions are evolving to address API security concerns through monitoring capabilities, complemented with API protection and integrations with specialist API security solutions, said A.N. Ananth, President and Chief Strategy Officer at Netsurion.
3. Terminology evolution
The market used to use the term endpoint detection and response (EDR). More recently, different monikers have appeared. Network detection and response is one. But there are also extended detection and response (XDR) and managed detection and response (MDR). In the latter case, a managed service provider (MSP) or vendor takes over the provision of the service from the business and delivers it over the cloud. MDR services are also incorporating access to SOC resources that are on call to resolve any and all issues that may crop up. At a time when skilled cybersecurity talent is hard to find, such services are in great demand.
“More and more, buyers will move to SOC-like services for detection and response capabilities,” said Ananth. “MDR vendors will need to focus on emerging threats and large adversaries such as criminal gangs and nation states who are targeting the mid-market.”
4. MDR industry verticalization
MDR is currently delivered as a horizontal service that cuts across all industries. Recent attack campaigns by organized crime syndicates, however, have started profiling industry applications and architectures to identify vulnerabilities for penetration.
“This calls for MDR offerings to integrate industry characteristics into detecting and responding to verticalized deep attacks,” said Ananth. “This essentially means better capabilities to integrate with business applications and technologies specific to an industry vertical, with corresponding use cases for detection and response mechanisms.”
5. Multicloud MDR
The pandemic accelerated cloud adoption, and many organizations now use more than one provider. Buyers, therefore, are gravitating toward solutions that provide a unified view of multi-cloud and SaaS threats. These organizations also expect a unified, automated framework to onboard, discover, and monitor resources across cloud providers such as Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
“Legacy networks and security architectures are inadequate and cannot provide the necessary security and performance in a user and application environment that has become highly distributed, interactive, and mobile across the Internet,” said Mauricio Sanchez, analyst at Dell’Oro Group.
The trend, therefore, is for businesses to view network detection and response as an all-encompassing capability that covers not only on-prem devices and network resources but every aspect of the network, including any and all cloud resources within the organization’s extended perimeter. Tools must be able to deliver this functionality. If they only address Azure and not AWS, for example, they will lose out to vendors that can function on any and all cloud resources. Gone are the days when enterprises put all their cloud assets on Google or Azure or AWS. These days, they typically have apps running on all of them.