Is Traffic Mirroring for NDR Worth the Trouble? We Argue It Isn’t

Network Detection & Response (NDR) is an emerging technology developed to close the security blind spots left by traditional security tools, blind spots that attackers exploit to gain a foothold in target networks.

Today, enterprises deploy a plethora of security solutions to protect their networks from cyber threats. The most prominent are firewalls, IPS/IDS, SIEM, EDR, and XDR (which combines the functionality of EDR and SIEM). However, all of these solutions suffer from security gaps that prevent them from stopping advanced cyber-attacks effectively.

NDR evolved from the Intrusion Detection System (IDS). An IDS is deployed at the network perimeter and monitors network traffic for suspicious activity.

IDS solutions suffer from several drawbacks that make them inefficient at stopping modern cyber-attacks. IDS relies on signature-based detection to discover abnormal activity, which makes it unable to spot unknown attacks for which no signature exists yet.

In addition, IDS systems generate a huge number of security alerts. This wastes security staff time and leaves them unable to investigate every alert. Finally, IDS was not designed to provide any response or investigation capabilities, so it cannot react effectively to an ongoing cyberattack.

Network Detection & Response extracts information from network traffic

NDR was the response to the shortcomings that IDS systems fail to cover. NDR systems go beyond signature-based detection: they analyse all network traffic entering or leaving the network and build a baseline of normal network activity. That baseline is later used to compare current traffic against typical network activity and detect suspicious behaviour, including behaviour no signature describes.

NDR solutions use advanced technologies such as Machine Learning and Artificial Intelligence (AI) to detect emerging and unknown threats. These technologies allow NDR systems to turn the data collected from network traffic into actionable intelligence used to detect and stop unknown cyber threats.

An NDR solution can operate automatically, independent of human supervision, to detect cyber threats and respond to them. NDR can also integrate with existing security solutions such as SIEM and SOAR for enhanced detection and response.

Traditional NDRs' flaws in handling encryption and the growing amount of data

Until now, NDRs have relied on traffic mirroring, usually combined with hardware sensors, to extract the information they need, much as IDS used to do it. However, three game-changers increasingly challenge this approach:

  1. A large share of internet traffic is encrypted; according to the Google Transparency Report, it is now 90% of web traffic. Mirroring still delivers the packets, but the payload they carry is opaque, so payload-inspection-based detection on mirrored traffic can no longer read it and is losing its effectiveness.
  2. Growing bandwidths and new networking technologies make traffic mirroring expensive or even infeasible.
  3. A shift to highly distributed hybrid networks, where simply analysing traffic on one or two core switches is no longer enough. Multiple collection points need to be monitored, which makes traffic-mirroring-based solutions even more expensive to operate.

Taking these developments into account, mirroring network traffic is no longer a future-oriented solution for securing networks.

ExeonTrace: A reliable, future-proof NDR solution

ExeonTrace does not require mirroring the network traffic to detect threats, nor decrypting encrypted traffic. It uses algorithms that do not operate on the payload but on lightweight network log data exported from the existing network infrastructure via NetFlow.

This allows it to analyse the metadata of traffic passing through the network at multiple collection points and uncover covert communication channels used by advanced threat actors, such as APT groups and ransomware operators, regardless of whether the channel is encrypted.

NetFlow is an open standard (IPFIX, RFC 7011, is its IETF-standardised successor) that allows networking devices (e.g., routers, switches, or firewalls) to export metadata about all connections passing through them, whether in a physical network, a virtualised environment, or a private cloud environment; this is what is known as north-south and east-west monitoring capability. As a result, this approach is ideal for distributed networks, including those that span cloud environments.

ExeonTrace provides comprehensive visibility over your entire IT environment, including connected cloud services and shadow IT devices, and can detect non-malware attacks such as insider threats, credential abuse, and data exfiltration. This full network visibility makes it possible to inspect all network traffic entering or leaving your corporate network.

ExeonTrace does not stop there: it also monitors all internal interactions between devices across your corporate network to detect advanced threat actors hiding inside it, such as APT groups and ransomware.

ExeonTrace's use of supervised and unsupervised Machine Learning models allows it to detect non-malware threats such as insider threats, lateral movement, data leakage, and internal reconnaissance. ExeonTrace also allows the addition of network-based custom rulesets to verify that all users are adhering to the implemented security policies (e.g., preventing users from using specific protocols). On top of that, ExeonTrace can integrate with available threat feeds, or use a customer-specific threat feed, to detect known threats.
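The capabilities this page attributes to metadata-based NDR (a baseline of normal activity used to flag deviations, detection of covert communication channels, custom policy rules about forbidden protocols, and threat-feed matching) can all be worked without ever reading a payload. The following is an added example written for this page, not ExeonTrace's own code: it runs four simplified detectors over NetFlow-style flow records. The record fields mirror the usual NetFlow export fields (start time, addresses, ports, protocol, byte count), but every sample record, threshold, forbidden-protocol entry and threat-feed indicator is constructed for the demonstration and stands in for the learned models and curated feeds a product would use.

```python
# Added example (not ExeonTrace's code): metadata-only detections over
# NetFlow-style flow records. The sample records, thresholds, forbidden
# protocol table and threat-feed entry below are all constructed.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float        # flow start, seconds since epoch
    src: str
    dst: str
    sport: int
    dport: int
    proto: str       # "tcp" or "udp"
    bytes_out: int   # bytes sent by src; the payload itself is never available


def sample_flows():
    """Constructed sample: one normally browsing host, one host beaconing
    over TLS every ~60 s, one large upload, one forbidden telnet session."""
    flows = []
    offsets = [0, 15, 92, 130, 410, 455, 600, 960]            # irregular gaps
    sizes = [1200, 3400, 2100, 1800, 2600, 3100, 2200, 1900]
    for i, (o, b) in enumerate(zip(offsets, sizes)):
        flows.append(Flow(1000 + o, "10.0.0.5", "192.0.2.10", 50000 + i, 443, "tcp", b))
    for i in range(8):                                        # +-1 s jitter
        flows.append(Flow(2000 + 60 * i + (i % 2), "10.0.0.7", "203.0.113.9",
                          51000 + i, 443, "tcp", 300))
    flows.append(Flow(5000, "10.0.0.5", "198.51.100.20", 52000, 443, "tcp", 200_000_000))
    flows.append(Flow(6000, "10.0.0.9", "10.0.0.10", 53000, 23, "tcp", 500))
    return flows


def build_baseline(flows, cutoff, min_flows=5):
    """Per-source mean and population stdev of bytes_out learned from flows
    that started before `cutoff`; sources with too few flows get no baseline."""
    per_src = defaultdict(list)
    for f in flows:
        if f.ts < cutoff:
            per_src[f.src].append(f.bytes_out)
    return {s: (mean(v), pstdev(v)) for s, v in per_src.items() if len(v) >= min_flows}


def volume_anomalies(flows, baseline, cutoff, z=3.0):
    """Flows after the baseline window whose size exceeds the source's learned
    mean by more than z standard deviations (crude exfiltration signal)."""
    hits = []
    for f in flows:
        if f.ts < cutoff or f.src not in baseline:
            continue
        mu, sigma = baseline[f.src]
        if sigma > 0 and (f.bytes_out - mu) / sigma > z:
            hits.append(f)
    return hits


def beacons(flows, min_flows=6, max_cv=0.1):
    """(src, dst, dport) tuples whose inter-flow gaps are nearly constant.
    Timing regularity is visible in metadata alone, so TLS hides nothing here."""
    by_key = defaultdict(list)
    for f in flows:
        by_key[(f.src, f.dst, f.dport)].append(f.ts)
    found = []
    for key, times in by_key.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mu = mean(gaps)
        if mu > 0 and pstdev(gaps) / mu <= max_cv:   # coefficient of variation
            found.append((key, round(mu, 1)))
    return found


# Constructed policy: protocols the organisation forbids, keyed by (proto, port).
FORBIDDEN = {("tcp", 23): "telnet", ("tcp", 21): "ftp", ("udp", 69): "tftp"}
# Constructed threat-feed indicator (RFC 5737 documentation address, not a real IOC).
THREAT_FEED = {"203.0.113.9"}


def policy_violations(flows, forbidden=FORBIDDEN):
    """Flows to a (protocol, port) pair the custom ruleset disallows."""
    return [(f, forbidden[(f.proto, f.dport)]) for f in flows if (f.proto, f.dport) in forbidden]


def threat_feed_hits(flows, feed=THREAT_FEED):
    """Flows whose endpoint appears in the indicator feed."""
    return [f for f in flows if f.dst in feed or f.src in feed]


def run_detections(flows=None, cutoff=3000):
    flows = sample_flows() if flows is None else flows
    base = build_baseline(flows, cutoff)
    return {
        "volume": volume_anomalies(flows, base, cutoff),
        "beacons": beacons(flows),
        "policy": policy_violations(flows),
        "feed": threat_feed_hits(flows),
    }


if __name__ == "__main__":
    for kind, hits in run_detections().items():
        print(kind, hits)
```

On the sample data the volume detector flags only the 200 MB upload, the beacon detector flags only 10.0.0.7 talking to 203.0.113.9 on 443 at a 60-second cadence, the ruleset flags the telnet session, and the feed matches the eight beacon flows. The design points worth keeping from this toy: the baseline is learned from a training window and only applied afterwards, a zero standard deviation is guarded against so a host that only ever sent identical flows does not divide by zero, and beaconing is scored by the coefficient of variation of inter-arrival times rather than a fixed interval, since real implants jitter their sleep.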


NDR solutions have become a necessity to stop the ever-increasing number of cyberattacks. Traditional NDR solutions need to mirror the entire network traffic in order to analyse packet payloads, which is no longer effective against modern cyber threats that leverage encryption to hide their activity. In addition, mirroring the entire network traffic is becoming increasingly impractical, especially with the huge rise in data volume passing through corporate networks. A future-proof NDR like ExeonTrace that relies on the analysis of metadata mitigates those drawbacks, and should therefore be the means of choice to secure corporate networks effectively and efficiently.
