SANS Institute White Paper

Robust XDR Strategy – Advanced, DPI-Based NDR

Whitepaper: XDR Doesn't Exist Without NDR

One of the more important parts of any organization, and thus a critical part of any detection and response strategy, is the network. NDR is an integral part of XDR and should be included in every security posture. Far too often, XDR strategies are built around enhanced endpoint capabilities alone rather than on the combination of endpoint and network capabilities.

In this white paper, we clarify that a robust XDR strategy is built on multiple types of telemetry and on multiple detection and response technologies. Organizations should be taking advantage of the network telemetry already available to them. Adversaries evade endpoint detections, leaving endpoint-centric strategies blind to the intrusion. Advanced, DPI-based NDR capabilities allow security teams to gain a confident understanding of their network footprint and significantly decrease an adversary’s chance of success.

Key Findings:

  • Ensure that advanced, deep packet inspection (DPI)–based NDR capabilities are included in your XDR strategy.
  • Emphasize that an XDR strategy is more than EDR. It should also include a vital part of any enterprise: the network.
  • In years past, organizations have cited the complexity of “full packet capture” or the sheer volume of data as a blocker to implementation and to successful network analysis. However, technology has advanced significantly, and the capabilities for monitoring and using network telemetry are more powerful than ever.

Read the full SANS Report for in-depth analysis of these and many more findings.