NDR (Network Detection and Response)
What is NDR (Network Detection and Response)?
NDR (Network Detection and Response): A network security technology that analyses traffic, including decrypted traffic, metadata and flow data, using behavioral analytics and ML to detect threats and orchestrate response.
Network Detection and Response (NDR) deploys sensors at strategic network points (core, perimeter, cloud VPCs, east-west between segments) to inspect packets, flow records (NetFlow, IPFIX, Zeek logs) and decrypted traffic. NDR builds behavioral baselines of hosts, users and protocols and applies ML, signatures and threat-intelligence matching to detect command and control, lateral movement, data exfiltration and anomalous protocol use that endpoint tools may miss. Tight integration with EDR/XDR, SIEM and SOAR allows automated response such as TAP-based blocking, ACL changes and host isolation. Common vendors include Vectra AI, Darktrace, ExtraHop and Corelight.
● Examples
- 01: Vectra AI detecting beaconing from an internal host to a low-reputation domain over HTTPS.
- 02: Zeek-based NDR alerting on RDP lateral movement between two desktop subnets.
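The beaconing case above can be approximated from flow metadata alone. This is an added example, not code from any vendor or project named on this page. It scores how regular the connection intervals are per host pair, assuming four tab-separated columns as produced by `zeek-cut ts id.orig_h id.resp_h id.resp_p` over `conn.log`; the sample rows, addresses and thresholds are constructed for illustration.

```python
import statistics
from collections import defaultdict

def rows(orig, resp, offsets, t0=1700000000.0):
    """Build constructed conn.log rows: ts, id.orig_h, id.resp_h, id.resp_p."""
    return [f"{t0 + o:.1f}\t{orig}\t{resp}\t443" for o in offsets]

# Constructed sample (documentation address ranges, not real traffic).
SAMPLE = "\n".join(
    # Regular ~60 s check-ins with sub-second jitter: beacon-like.
    rows("10.0.5.23", "203.0.113.50", [0, 60.4, 119.8, 180.3, 240.1, 299.7, 360.2, 420.0])
    # Bursty, human-driven browsing to another HTTPS server.
    + rows("10.0.5.40", "198.51.100.7", [0, 3, 4, 95, 96, 250, 400, 402])
    # Regular but only three connections: too little evidence to score.
    + rows("10.0.5.41", "203.0.113.50", [0, 60, 120])
)

def parse_conn(text):
    """Yield (ts, orig_h, resp_h, resp_p) from tab-separated rows, skipping '#' headers."""
    for line in text.splitlines():
        if line and not line.startswith("#"):
            ts, orig, resp, port = line.split("\t")[:4]
            yield float(ts), orig, resp, int(port)

def find_beacons(records, min_conns=6, max_cv=0.1):
    """Flag (orig, resp, port) pairs whose connection intervals are near-constant.

    Score = coefficient of variation (stdev / mean) of inter-arrival gaps;
    thresholds are illustrative assumptions, not vendor defaults.
    """
    seen = defaultdict(list)
    for ts, orig, resp, port in records:
        seen[(orig, resp, port)].append(ts)
    hits = []
    for key, times in seen.items():
        if len(times) < min_conns:
            continue  # not enough samples for a meaningful interval baseline
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # identical timestamps: no interval to measure
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append((key, round(mean, 1), round(cv, 3)))
    return hits

if __name__ == "__main__":
    for (orig, resp, port), mean, cv in find_beacons(parse_conn(SAMPLE)):
        print(f"beacon-like: {orig} -> {resp}:{port} every ~{mean}s (cv={cv})")
```

Lowering `min_conns` catches short-lived beacons sooner but also flags the three-connection host, which is the false-positive trade-off a behavioral baseline has to manage.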
● Frequently asked questions
What is NDR (Network Detection and Response)?
A network security technology that analyses traffic, including decrypted traffic, metadata and flow data, using behavioral analytics and ML to detect threats and orchestrate response. It belongs to the Defense & Operations category of cybersecurity.
How does NDR (Network Detection and Response) fit into a defence?
NDR is itself a defensive control. Deployments typically combine it with other technical controls and operational practices, as detailed in the full definition above.
What are other names for NDR (Network Detection and Response)?
Common alternative names include: Network Detection and Response, Network Traffic Analysis, NTA.