In an exclusive interview with CRN India, Sharda Tickoo, Country Manager for India & SAARC, Trend Micro, delves into the critical role of Network Detection and Response (NDR) in bolstering cybersecurity strategies. As organisations grapple with expanding networks, the rise of unmanaged devices, and evolving cyber threats, Tickoo highlights how NDR complements tools like EDR, XDR, and firewalls by offering deeper network visibility and faster threat detection. She explains how NDR addresses the unique security challenges posed by hybrid work environments, enhances risk management, and supports key stakeholders like SOC teams and IT leaders. With best practices for effective NDR deployment, this interview emphasises why NDR is vital for staying ahead of sophisticated cyber threats and protecting organisational assets.
How do NDR solutions enhance the overall cybersecurity strategy of a company, especially when compared to other tools like EDR, XDR, firewalls, and IPS?
Network Detection and Response (NDR) enhances a company’s cybersecurity strategy by providing visibility into network traffic that other tools like EDR, XDR, firewalls, and IPS might miss. While EDR zeroes in on endpoints and XDR broadens detection across multiple layers, NDR is particularly effective at catching lateral movements and anomalies throughout the network, even in unmanaged devices. Perimeter defences can be effectively handled with firewalls and IPS, but they can miss threats that manage to get inside. NDR fills this gap by identifying and responding to suspicious activities across the entire network, which is crucial for dealing with sophisticated threats that can move laterally through systems.
With the rapid expansion of attack surfaces and the rise of unmanaged devices, how does NDR address the unique challenges posed by remote and hybrid work environments?
According to industry data, the rapid growth of connected devices, projected to reach 18.2 billion globally by 2025, has expanded the attack surface for organisations. In India, where digital adoption is advancing quickly, this surge, coupled with the rise of decentralised and hybrid work environments, creates unique security challenges where NDR stands out as it actively monitors and analyses network traffic in real-time, no matter where a device is located or whether it is managed. With so many unmanaged devices connecting remotely, traditional security tools can miss critical threats. NDR steps in to address this by offering visibility and insight into these vulnerable areas, including encrypted traffic and lateral movements. This capability is crucial, as it allows security teams to catch and respond to threats that could easily slip through the cracks in a remote or hybrid setup, keeping your network secure even as boundaries become less defined.
In terms of risk management, how do you see NDR contributing to reducing the likelihood and impact of security breaches across an organisation’s network?
NDR plays a crucial role in risk management by continuously monitoring the network for any unusual activities or anomalies. This real-time detection allows security teams to catch potential breaches early, often before they can cause serious damage. By tracking lateral movements within the network, NDR helps to contain threats, preventing them from spreading. Plus, it offers deep insights into how an attack occurred, making it easier to respond effectively and reduce the impact. Overall, this proactive approach not only lowers the chances of a breach but also helps minimise the damage if one does occur, strengthening your organisation’s cybersecurity defences.
What key stakeholders within an organisation stand to benefit most from the implementation of NDR solutions, and how does it align with their specific needs?When it comes to NDR, key stakeholders who benefit from its implementation include Security Operations Centre (SOC) teams, IT security leaders, and executives responsible for risk management. SOC teams gain comprehensive visibility into network traffic, which reduces false positives and allows them to focus on real threats, ultimately lowering stress and improving their efficiency. IT security leaders benefit from a more robust defence mechanism that ensures complete network coverage, especially in hybrid environments where both managed and unmanaged devices need protection. Executives, on the other hand, see value in NDR’s ability to mitigate risks and reduce the impact of security breaches, which helps maintain business continuity and safeguards the organisation’s assets and reputation.
Why should organisations prioritise the integration of NDR into their cybersecurity strategy, especially in the context of evolving cyber threats and expanding networks?
Given the increasing complexity of cyber threats and the expanding attack surfaces, integrating NDR into your cybersecurity strategy is becoming crucial. With the rise of remote work and IoT devices, traditional security measures alone just don’t cut it anymore. NDR offers that real-time visibility and quick response capability that’s crucial for identifying threats that might slip past other tools. By keeping an eye on network anomalies and even encrypted traffic, NDR plays a key role in preventing more sophisticated attacks. Prioritising NDR helps organisations stay ahead of evolving threats, making sure their networks remain secure while minimising the potential fallout from any cyber incidents.
Can you share some best practices for deploying and configuring NDR solutions to ensure they provide maximum effectiveness and coverage across all network assets?
For the most effective deployment of NDR solutions, it’s crucial to focus on achieving comprehensive visibility across your network. Start by integrating NDR into all critical segments, ensuring it covers both managed and unmanaged devices. Regularly updating and fine-tuning detection rules based on the latest threat intelligence will help improve accuracy.
Incorporating behavioural analytics and machine learning is key to spotting anomalies and suspicious patterns. Collaborate closely with your SOC team to establish clear response protocols, which can significantly reduce alert fatigue. Continuous training for SOC teams on interpreting NDR insights and responding to evolving threats is equally important as well. Keeping teams updated on the latest threat vectors ensures they are well-prepared to act swiftly.
Finally, remember that NDR should be part of a broader security strategy. When combined with tools like EDR, ASM, and robust identity management, it offers holistic coverage across your entire network.
