Reinforcing cybersecurity: How NDR and EDR integration defends against ransomware with AI-driven precision
Given the explosion of ransomware, combining network and security through strategies such as network detection and response (NDR) is important, since an NDR detects, analyzes and responds to threats in real time.
Given that an NDR complements other security measures through enhanced network traffic visibility and real-time response, it helps maintain a strong cybersecurity posture, according to Kanaiya Vasani, chief product officer of ExtraHop Networks Inc.
"NDRs have started to subsume a lot of the other point products in the network," Vasani said. "[Intrusion detection system] product is now a feature in an NDR. A packet solution is now a feature in an NDR. Asset visibility and attack surface management is a feature in an NDR. Cloud detection and response is a feature in an NDR. Combining a lot of point products and consolidating them in one platform that you can deploy for everything you need from a security standpoint in the network."
Vasani spoke with theCUBE Research's Rebecca Knight and Dave Vellante at Fal.Con, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed the key role that NDR strategy plays in the mitigation of cyberattacks. (* Disclosure below.)
To mitigate advanced threats and reduce the mean time to detect and respond, combining endpoint detection and response (EDR) and NDR strategies is important. Artificial intelligence also fits into the picture because it speeds up the entire protection process, according to Vasani.
"To keep the bad guys out, you need a resilient cybersecurity infrastructure, which means going back to this basic concept of defense in depth," he noted. "EDRs can become your first line of defense. NDRs become your second line of defense. Together, they can provide the most robust coverage out there and then leveraging gen AI in a big way in terms of your ability to go and do threat hunting through natural language queries."
According to ExtraHop's recent Global Ransomware Trends report, bad actors continue to wreak havoc across different sectors. As a result, an organization needs to pair an NDR with an EDR for its infrastructure to be completely protected, Vasani pointed out.
"It is a scary world we live in," he stated. "When we survey through this report, the majority of the customers had 10 or more ransomware incidents in their network, in their infrastructure last year. 91% of customers had to pay ransomware. The coverage you get through endpoint detection solutions is about 50 to 60%. The remaining 40% is where we come in. We can give you complete visibility and the same level of protection for that remaining 30 to 40% of infrastructure that is out there."
The collaboration between ExtraHop and CrowdStrike Inc. centers on the Next-Gen SIEM initiative, which redefines security operations through enhanced automation and AI capabilities, for instance by automating incident investigation and response processes for out-of-the-box solutions, according to Vasani.
"We are very grateful and proud to acknowledge that we were recognized as the Ecosystem Innovator of the Year by CrowdStrike," he stated. "We talk about the deep collaboration we have with CrowdStrike in their Next-Gen SIEM initiative and that's the innovation that led to the award as well. Both parties were very clear that this whole idea of a SOC client is what we need to build this solution around. How do you correlate network detections with endpoint detections?"
Here's the complete video interview, part of SiliconANGLE's and theCUBE Research's coverage of Fal.Con: