With increasingly distributed networks, many organizations have adopted Zero Trust Network Access (ZTNA) solutions to strengthen security and reduce their attack surface. This is an important step forward, but a zero-trust posture still cannot provide 100% protection against advanced threats, especially those developed by nation-state actors and sophisticated criminal rings.
For these types of advanced threats, many enterprises are complementing ZTNA and other security solutions with Extended Detection and Response (XDR) systems. XDR systems use behavioral analytics to detect anomalous patterns indicative of an advanced attack. This behavioral analysis is performed on large volumes of enterprise-wide user, device and network traffic data, together with response rules that specify the actions to take to mitigate a suspected attack.
The results of this analysis and the effectiveness of the XDR system depend on the information that is made available to it. The more accurate and precise the data fed to the XDR system, the more reliable and successful the detection of the threats.
XDR comprises two main functions: Network Detection & Response (NDR) and Endpoint Detection & Response (EDR). As the names suggest, the main role of NDR is to detect and prevent intrusion into the network as a whole, while the goal of EDR is to stop intrusion at the endpoint (e.g., through anti-virus and endpoint protection agents). Both NDR and EDR combine established technologies:
1. Intrusion Detection/Intrusion Prevention Systems (IDS/IPS) on the NDR side, and
2. Endpoint Protection (EPP) on the EDR side, which primarily detect known threats using signatures and rules; and
3. machine-learning-enhanced behavioral analysis based on Advanced Anomaly Detection (AAD), which identifies unknown or hidden threats that have evaded the signature-based layers.
Enea Qosmos technology not only identifies and classifies network traffic, but also provides highly detailed and accurate information on each flow. It is used as a data foundation to support AAD in both NDR and EDR, and to enhance existing rule-based detection capabilities within IDS and EPP components.
Enea’s Qosmos ixEngine® software delivers the data that fuels advanced analytics within XDR solutions. It passively and non-intrusively inspects and analyzes raw traffic telemetry (packets and flows, rather than logs derived from them) to provide detailed, highly accurate data about the protocols, applications, services, users, files, flow characteristics and devices associated with traffic flows.
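To make the two-layer scheme above concrete, here is an added example (not Enea's code and not the ixEngine API) of how an XDR analytics stage can consume DPI-style flow metadata: a rule-based pass that catches known indicators and protocol/port mismatches (the IDS/IPS role), followed by a per-host anomaly pass that flags unknown behaviour from flow volume alone. The flow records, field names, indicator list, expected-port table and threshold are all constructed for illustration and are not ixEngine's schema or any real detection rule.

```python
"""Toy XDR detector over DPI-style flow metadata (added example, not vendor code).

Stage 1 (rule-based, IDS/IPS role): known-bad indicators and application/port
mismatches that DPI classification exposes, e.g. SSH carried on TCP/443.
Stage 2 (anomaly, AAD role): robust z-score of bytes_out against each source
host's own baseline, so a single exfiltration-sized flow cannot hide by
inflating the mean it is compared against.
All records, indicators and thresholds below are constructed assumptions.
"""
from collections import defaultdict
from statistics import median

# Constructed flow records: the fields mimic what a DPI engine classifies
# (application, server port, TLS SNI, volume); they are not a real schema.
FLOWS = [
    {"id": 1, "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443, "app": "tls", "sni": "cdn.example.com", "bytes_out": 12_000},
    {"id": 2, "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443, "app": "tls", "sni": "cdn.example.com", "bytes_out": 11_000},
    {"id": 3, "src": "10.0.0.5", "dst": "203.0.113.11", "dport": 443, "app": "tls", "sni": "mail.example.com", "bytes_out": 13_000},
    {"id": 4, "src": "10.0.0.5", "dst": "203.0.113.11", "dport": 443, "app": "tls", "sni": "mail.example.com", "bytes_out": 12_500},
    {"id": 5, "src": "10.0.0.5", "dst": "203.0.113.12", "dport": 443, "app": "tls", "sni": "docs.example.com", "bytes_out": 11_500},
    {"id": 6, "src": "10.0.0.5", "dst": "203.0.113.12", "dport": 443, "app": "tls", "sni": "docs.example.com", "bytes_out": 12_000},
    # Same host, benign-looking TLS on 443, but ~75x its usual upload volume.
    {"id": 7, "src": "10.0.0.5", "dst": "198.51.100.20", "dport": 443, "app": "tls", "sni": "files.example.org", "bytes_out": 900_000},
    # SSH classified by DPI on port 443: a port-based filter would call this HTTPS.
    {"id": 8, "src": "10.0.0.7", "dst": "198.51.100.30", "dport": 443, "app": "ssh", "sni": None, "bytes_out": 4_000},
    # TLS to a constructed known-bad SNI (stands in for a threat-intel indicator).
    {"id": 9, "src": "10.0.0.9", "dst": "198.51.100.40", "dport": 443, "app": "tls", "sni": "update-check.example.net", "bytes_out": 2_000},
    {"id": 10, "src": "10.0.0.7", "dst": "10.0.0.2", "dport": 53, "app": "dns", "sni": None, "bytes_out": 120},
]

# Stage 1 inputs (constructed): an indicator list and the ports each
# DPI-classified application is expected to use in this network.
KNOWN_BAD_SNI = {"update-check.example.net"}
EXPECTED_PORTS = {"ssh": {22}, "tls": {443, 8443}, "dns": {53}, "http": {80, 8080}}


def rule_stage(flow):
    """Return the list of rule hits for one flow (empty if clean)."""
    hits = []
    if flow.get("sni") in KNOWN_BAD_SNI:
        hits.append("known-bad SNI")
    expected = EXPECTED_PORTS.get(flow["app"])
    if expected and flow["dport"] not in expected:
        hits.append(f"{flow['app']} on unexpected port {flow['dport']}")
    return hits


def robust_z(value, samples):
    """Median/MAD z-score; outliers barely move the baseline, unlike mean/stdev."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples) or 1.0  # flat baseline: avoid /0
    return 0.6745 * (value - med) / mad


def anomaly_stage(flows, threshold=3.5, min_history=5):
    """Return {flow_id: [reasons]} for flows whose bytes_out is anomalous for their source host."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f["src"]].append(f)
    hits = {}
    for fs in by_src.values():
        sizes = [f["bytes_out"] for f in fs]
        if len(sizes) < min_history:
            continue  # not enough history to form a per-host baseline
        for f in fs:
            z = robust_z(f["bytes_out"], sizes)
            if z > threshold:
                hits.setdefault(f["id"], []).append(f"bytes_out z={z:.1f} vs host baseline")
    return hits


def detect(flows):
    """Merge both stages into {flow_id: [reasons]}, keeping only flows with findings."""
    findings = defaultdict(list)
    for f in flows:
        findings[f["id"]].extend(rule_stage(f))
    for fid, reasons in anomaly_stage(flows).items():
        findings[fid].extend(reasons)
    return {fid: r for fid, r in findings.items() if r}


if __name__ == "__main__":
    for fid, reasons in sorted(detect(FLOWS).items()):
        print(fid, reasons)
```

Flow 7 is the case the paragraph is about: nothing in it matches a rule (standard port, valid-looking SNI), so only the behavioral stage catches it, and only because the baseline is built from that host's other flows. Flow 8 shows why DPI classification matters to the rule layer: a port-only view would file SSH-over-443 as ordinary HTTPS. The minimum-history guard keeps single-flow hosts from producing spurious scores; in production the baseline would come from a rolling window per host and application rather than the batch shown here.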