2020-08-03T14:48:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)

How does Network Detection and Response (NDR) Differ from SIEM?

Hello community, 

What are the differences between how NDR and SIEM work? 

What are the pros and cons of each? Is it necessary to have both types of tools?

7 Answers
WM
VP of Marketing at CyGlass
Vendor
2021-09-06T23:46:07Z
Sep 6, 2021

The answers are all solid.

I would add that NDR tools do not look just at network traffic. Most of the vendors have realized that the cloud is now part of the network and are intaking and analyzing AWS, Google, and MS cloud information looking for risks and threats.

I would also add that many mid- and small-sized companies either outsource or do not run a SIEM because they are complex and require security analyst resources they often cannot afford.

Many will run EDR and NDR on-premise or outsource the entire stack to an MSSP and MDR vendor.

Angela Heindl-Schober - PeerSpot reviewer
Head of International Marketing (EMEA & APJ) at Vectra AI
Vendor
2021-09-06T06:29:10Z
Sep 6, 2021

"SIEMs are incredibly flexible technology platforms that can be used within your environment to discover advanced threats and to fill gaps in coverage for other tools. In theory, you could replicate a lot of EDR use cases in a SIEM by forwarding all endpoint data and building your own searches and data models, but it wouldn't be cost- or operationally effective. This is why we have EDR tools.

The same goes for NDR. Many organisations have attempted to solve NDR use cases with their SIEM tools but have had limited success, and these solutions are quite cost-prohibitive to build and maintain. Network threats are getting more complex and more widespread, and organisations need to invest in specialist tools like NDR that provide insights into the threats within your network rather than solutions that just allow you to search on raw data. While most organisations will more than likely require a SIEM to fill some edge cases in their technology stack, more often than not organisations save in both upfront and ongoing costs by investing in a strong NDR solution before investing in a SIEM."

LM
CISO at a religious institution with 501-1,000 employees
Real User
Top 5
2021-03-23T15:48:42Z
Mar 23, 2021

Your SIEM should receive and process traffic generated by your NDR as well as events from your endpoint protection systems, server event logs, infrastructure device logs and cloud services logs, and then be able to correlate these data points to highlight suspicious patterns or anomalies. The SIEM can then send commands to perimeter and point systems in certain cases to interrupt such activity, or just alert on it.
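
A toy illustration of the correlation step described above, added here as an example and not taken from any answer in this thread: it normalizes constructed NDR alerts, EDR telemetry and server authentication log lines into one schema, then flags each NDR detection that another source corroborates on the same host within a short window. All feeds, field names, hostnames and addresses are constructed for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample feeds (not real data); each uses its own field names, so a SIEM must normalize first.
NDR_ALERTS = [  # hypothetical NDR alert export, one JSON object per line
    '{"ts":"2021-03-23T15:40:05Z","src":"10.0.5.23","dst":"203.0.113.9","sig":"beaconing to rare external host"}',
    '{"ts":"2021-03-23T15:41:10Z","src":"10.0.5.77","dst":"198.51.100.4","sig":"unusual DNS query volume"}',
]
EDR_EVENTS = [  # hypothetical EDR telemetry, one JSON object per line
    '{"time":"2021-03-23T15:38:50Z","ip":"10.0.5.23","host":"ws-023","event":"process_start","image":"rundll32.exe"}',
]
AUTH_LOGS = [  # hypothetical key=value server authentication log lines
    "2021-03-23T15:39:30Z ip=10.0.5.23 host=ws-023 EventID=4625 user=svc_backup",
    "2021-03-23T09:02:00Z ip=10.0.5.77 host=ws-077 EventID=4624 user=jdoe",
]

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalize(ndr, edr, auth):
    """Map every feed onto one schema: (timestamp, host_ip, source, summary), sorted by time."""
    events = []
    for line in ndr:
        a = json.loads(line)
        events.append((parse_ts(a["ts"]), a["src"], "ndr", f'{a["sig"]} -> {a["dst"]}'))
    for line in edr:
        e = json.loads(line)
        events.append((parse_ts(e["time"]), e["ip"], "edr", f'{e["event"]} {e["image"]}'))
    for line in auth:
        ts, *pairs = line.split()
        f = dict(p.split("=", 1) for p in pairs)
        events.append((parse_ts(ts), f["ip"], "auth", f'EventID={f["EventID"]} user={f["user"]}'))
    return sorted(events)

def correlate(events, window=timedelta(minutes=10)):
    """Return NDR detections that another source corroborates on the same host within the window."""
    hits = []
    for ts, ip, src, summary in events:
        if src != "ndr":
            continue  # NDR alerts are the pivot; other sources are supporting evidence
        related = [e for e in events
                   if e[1] == ip and e[2] != "ndr" and abs(e[0] - ts) <= window]
        if related:  # an uncorroborated NDR alert (e.g. 10.0.5.77 above) stays a single-source alert
            hits.append({"host_ip": ip, "ndr_alert": summary,
                         "sources": sorted({e[2] for e in related}),
                         "evidence": [f"{e[0].isoformat()} {e[2]}: {e[3]}" for e in related]})
    return hits

if __name__ == "__main__":  # demo run over the constructed feeds
    print(json.dumps(correlate(normalize(NDR_ALERTS, EDR_EVENTS, AUTH_LOGS)), indent=2))
```

Only the 10.0.5.23 alert is corroborated (EDR process start and a failed logon within minutes); the 10.0.5.77 alert has no supporting event inside the window and would be left for the NDR console alone.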

Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Top 5, Leaderboard
2021-03-22T14:25:13Z
Mar 22, 2021

SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPS, etc.) and analyzes that data to catch abnormal behavior or potential cyberattacks. SIEM tools offer a central place to collect events and alerts, and security data from network devices, servers, domain controllers and more. Put simply, EDR may be just another "sensor type", and the SIEM stores, normalizes, aggregates, and applies analytics to that data to discover trends, detect threats, and enable organizations to investigate any alerts.

DK Shrivastava - PeerSpot reviewer
Vice President & Country Head at Inspira Enterprise
Reseller
Top 10
2021-03-22T07:43:13Z
Mar 22, 2021

NDR is just analysis of network behaviour and forms a part of a SIEM strategy. It can only detect anomalies in network traffic flow. SIEM takes logs of network flow as well.

Nicholas Arraje - PeerSpot reviewer
Regional Sales Director at Bricata, an OpenText Company
Vendor
2021-09-07T13:06:30Z
Sep 7, 2021

NDR and SIEM are two different types of tools used by security professionals.

You don't need a SIEM to run an NDR solution or vice versa. Larger organizations or mature organizations tend to have both in addition to other tools like EDR and SOAR.

Today's NDRs are typically designed to provide network visibility and detection across your entire network (East-West, North-South), and yes, the network is no longer just your on-prem environment. It also includes your cloud environment, as most NDR solutions support AWS, Azure, and GCP.

NDR tools can generate PCAP data, network logs and metadata, and alert data, all of which can be consumed by a SIEM.

SIEMs in many organizations are the log aggregation tools and data lake solutions for the security team. For small organizations that just want NDR, most solutions offer their own UI and don't require a SIEM.

For those organizations that already have a SIEM, the NDR is one of the most valuable tools to generate forensic data.

You can learn more about NDR solutions from Bricata's ebook on "What to look for in an NDR".

SJ
Staff - Cost accounting with 10,001+ employees
User
2021-03-22T04:14:31Z
Mar 22, 2021

Hello.
NDR generates source events from network traffic.
SIEM gathers events from one or more sources, including NDR events, and performs correlation analysis.
So a company needs both systems.
