Defense & Operations
NDR (Network Detection and Response)
Also known as: Network Detection and Response, Network Traffic Analysis, NTA
Definition
A network security technology that analyses traffic — including decrypted payloads, metadata and flow records — using behavioral analytics and ML to detect threats and orchestrate response.
Examples
- Vectra AI detecting beaconing from an internal host to a low-reputation domain over HTTPS.
- Zeek-based NDR alerting on RDP lateral movement between two desktop subnets.
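As an added illustration of the two detection scenarios above (example code written for this page, not Vectra's, Zeek's or the author's), the following Python runs over a constructed set of Zeek conn.log-style records: it flags a flow whose inter-connection intervals are near-constant (beaconing) and flags RDP sessions where both endpoints sit in desktop subnets (lateral movement). The subnet ranges, thresholds and log records are all assumptions.

```python
import ipaddress
import statistics

# Constructed Zeek conn.log-style records (not real traffic):
# (ts, id.orig_h, id.resp_h, id.resp_p, proto)
JITTER = [0, 1, -1, 2, 0, -2, 1, 0, -1, 1, 0, 2]  # seconds of timing noise
CONN_LOG = [
    # one host reaching an external HTTPS endpoint roughly every 60 s
    *[(1000.0 + 60 * i + j, "10.1.5.23", "203.0.113.9", 443, "tcp") for i, j in enumerate(JITTER)],
    # ordinary browsing: few connections, irregular spacing
    (1003.0, "10.1.5.40", "198.51.100.7", 443, "tcp"),
    (1031.0, "10.1.5.40", "198.51.100.7", 443, "tcp"),
    (1242.0, "10.1.5.40", "198.51.100.7", 443, "tcp"),
    (1250.0, "10.1.5.40", "198.51.100.7", 443, "tcp"),
    # RDP: desktop -> desktop (unusual) and desktop -> server subnet (expected)
    (1100.0, "10.1.5.23", "10.1.6.17", 3389, "tcp"),
    (1105.0, "10.1.5.40", "10.2.0.5", 3389, "tcp"),
]

# Assumed desktop address ranges; servers live elsewhere (e.g. 10.2.0.0/16)
DESKTOP_SUBNETS = [ipaddress.ip_network("10.1.5.0/24"), ipaddress.ip_network("10.1.6.0/24")]

def find_beacons(records, min_conns=8, max_cv=0.1):
    """Return (orig, resp, port) flows whose inter-arrival times are near-constant.
    cv = stdev / mean of the gaps; a low cv means machine-like periodicity."""
    by_flow = {}
    for ts, orig, resp, port, _proto in records:
        by_flow.setdefault((orig, resp, port), []).append(ts)
    beacons = []
    for key, times in by_flow.items():
        if len(times) < min_conns:        # too few connections to judge periodicity
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            beacons.append(key)
    return beacons

def find_desktop_rdp(records, subnets=DESKTOP_SUBNETS):
    """Return (orig, resp) pairs for RDP where both ends are desktop addresses."""
    def is_desktop(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in subnets)
    return [(o, r) for _ts, o, r, port, proto in records
            if port == 3389 and proto == "tcp" and is_desktop(o) and is_desktop(r)]
```

A production NDR would add host and domain context (reputation, asset role, baseline behaviour) before alerting; the thresholds here are illustrative only.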
Related terms
EDR (Endpoint Detection and Response)
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
XDR (Extended Detection and Response)
A security platform that unifies telemetry from endpoint, network, identity, email and cloud sensors to deliver correlated detections and integrated response actions.
SIEM
A platform that aggregates, normalizes and correlates security telemetry from across the enterprise to enable detection, investigation, compliance and reporting.
Intrusion Detection System (IDS)
A passive security control that monitors network or host activity for malicious behaviour and raises alerts without blocking traffic.
Deep Packet Inspection (DPI)
An inspection technique that examines the full payload of network packets — not just headers — to identify applications, content, and threats.
Threat Hunting
Threat Hunting — definition coming soon.