What is NDR (Network Detection & Response)

Since we can not prevent network attacks for everytime, at least we should be detecting them to respond them accurately.

But as you know; false-negatives are problem for detection (you don't want to miss something bad) and false-positives are problem for prevention. (You don't want to block some legitimate & critical business application traffic)

Since we already have a reasonable number of network attack prevention systems (IPSs), the major risk is false-negative problem and to address this, here's some open source solutions for 'network detection & response' need. These solutions are not just plain IDSs, but also have session tracking and raw traffic logging capabilities to address an anomaly.

Thanks Bro!

PS: You can also enrich this platforms with MISP-feeds and follow cases with theHive platform.

And some commercial stuff


Read more posts by this author.