T&M-COLUMN
Threat Detection & Response in Azure Environments

For years now, Network Detection and Response (NDR) has been in use for on-premise enterprise environments, and many consider NDR the gold standard for detecting anomalies and security threats. NDR uses network packets (sometimes called wire data) as an essential source of data to analyze since they provide the most complete information of any data source, far beyond what flows, logs, polling, and APIs do.
In recent years, many enterprises have begun to move some (or all) of their applications to the cloud. When doing so, they have encountered gaps in their ability to gather wire data for analysis by NDR (more on this in a minute). Many vendors of cloud security analytics have focused on metadata-based analytics solutions, partly because metadata is easier to collect than wire data in the cloud. Consequently, organizations that have come to depend on the detail offered by analyzing packets have discovered that they have lost the more detailed detections they had come to rely on.
The cloud providers have begun to respond to this concern, with some offering packet mirror capabilities as part of their service.

Greg Copeland, Director Technical Alliances, Keysight Technologies
26 12 | 2021 BISinfotech