Double selected again! Tencent Security NDR has been recognized by Gartner for four consecutive years

Recently, the global authoritative research institution Gartner released the 2023 report "Emerging Tech: Security — Adoption Growth Insights for Network Detection and Response". Tencent Security NDR was listed as a representative supplier for the NDR market.

At the same time, Gartner also announced "Emerging Tech: Top Use Cases for NDR" in 2023, and Tencent Security NDR was once again selected as an excellent application case.

Gartner mentioned in the report that NDR has always been a fast-growing market. Global market revenue increased by 23.7% in 2020 and 23.0% in 2021, but growth slowed down in 2022. However, in the long run, global NDR user spending is expected to grow at a compound annual growth rate of 14.1% from 2021 to 2026.

At present, the network security industry has gradually shifted from the stage of basic security construction to the stage of actual combat and advanced threat attack and defense. The application of artificial intelligence (AI) has also become the focus of the industry.

Gartner pointed out in the report that artificial intelligence remains a key requirement for NDR products. From the perspective of the market, AI will be one of the core technologies that differentiate NDR from other network security products. AI can not only identify "known" attacks, but also allow NDR to discover "unknown" attacks by correlating historical data or identifying malicious and abnormal activities. If an NDR product lacks strong AI capabilities, it is likely to be excluded from the buyer's consideration.

Tencent Security NDR (Network Threat Detection and Response) is composed of two products: Tencent Yujie Advanced Threat Detection System and Tencent Tianmu Security Governance Platform. It is an integrated solution for advanced threat detection (APT detection), analysis, traceability and response developed by Tencent.

In the past two years, Tencent Security NDR has been committed to combining threat intelligence to solve the imbalance between attack and defense. At present, Tencent Security NDR has completed the combination of outbound, inbound, and reputation intelligence scenarios, providing accurate detection, analysis, and response capabilities based on intelligence, and has industry-leading competitiveness. It is worth mentioning that Tencent Security NDR can also be combined with attack surface management (ASM) to form a comprehensive asset risk management solution of internal asset dynamic risk management + external asset attack surface convergence, helping enterprises build a proactive security operation system.

Four advantages of Tencent Security NDR:

1. Full detection scenarios: cloud-based collaborative full-flow detection, covering eight security scenarios such as ransomware, email security, and password security, out of the box, focusing on threats through security topics, combined with visual analysis to help customers solve risk problems in a targeted manner.

  • For intranet scenarios, unknown threats, and second-dial IP attacks in the IPv6 era, NDR provides large expansion modules such as sandboxes, intranet analysis probes, sky screen blocking, full traffic storage, bypass blocking, virtual patches, and second-dial IP protection, which provide detection and protection capabilities for more value-added scenarios for customers in the finance, government affairs and law, transportation, and energy industries.

  • In response to the needs of industry customers for office network and business guarantee, it provides domain control security, email security, API security, data leakage scenarios and other industry solutions, and supports open interfaces with atomic capabilities, allowing security teams to guarantee business and help business upgrades.

2. Strong detection ability: With leading unknown threat detection ability, AI algorithm + threat intelligence + Hubble sandbox + rule engine, the four major weapons against attack bypass and 0day vulnerabilities.

  • Combined with the top technology of Tencent Security Lab, it provides rules and AI detection models from the perspective of attack, covering common attack bypass methods.

  • 0day vulnerability detection and traversing detection capabilities are outstanding; for example, common rules detect Java deserialization 0day vulnerabilities, domain penetration attacks, variant webshells, etc.

  • The local dynamic sandbox supports XP, Windows 7, Windows 10, Linux and other systems, and detects unknown files in real time.

  • Expert-defined strategy management, which can adjust the accuracy and coverage, and professional users can refine the operation through customized strategies.

3. Fast response: comprehensive Internet vulnerability detection mechanism, domestic leading threat intelligence database, real-time linkage, and rapid response to the latest vulnerabilities and events.

  • Perfect Internet vulnerability monitoring mechanism, extensive access to the latest vulnerability information.

  • Establish a high-risk vulnerability sharing mechanism with Tencent Security Joint Laboratory, and discover 0day and 1day vulnerabilities faster.

  • Combined with Tencent's threat intelligence, malicious IPs, overseas access, compromised hosts, etc. can be discovered in a timely manner.

  • Covering cloud, PC, mobile, and laboratory threat intelligence systems, it is the leading threat intelligence library in China.

4. Strong blocking effect: non-invasive bypass blocking attack behavior, closed-loop handling of events, blocking success rate as high as 99.99%.

  • Built-in linked sky screen security management platform, bypass deployment, blocking rate 99.99%, does not affect customer business.

  • Support bypass virtual patch and second dial IP protection.

  • The industry-leading blocking method flexibly adapts to blocking rules in various scenarios.

(Tencent NDR network threat detection and response product structure diagram)

In the industry-oriented solution, Tencent Security NDR digs deep into the needs of the industry, combines business intelligence + industry intelligence, and provides accurate intelligence data and responses to popular vulnerabilities for the finance, government and enterprise, transportation, and energy industries, among others, so that they can reinforce in advance. In addition, Tencent Security NDR is adapted to the localized operating system and chip server, and the overall solution is self-controllable.

In terms of practical implementation, Tencent Security NDR is widely used in various application scenarios including daily operation and maintenance scenarios, re-insurance scenarios, and hybrid cloud scenarios. In cooperation with a leading domestic bank, Tencent Security NDR helped it successfully protect more than 3,000 cloud servers and 160 public services and websites, and reduced the number of alarms by 76% through alarm correlation analysis, significantly improving the efficiency of security operations and maintenance personnel in investigating incidents and handling alarms.

In an actual battle of re-insurance, Tencent Security helped a veteran securities company in China to effectively block malicious traffic intrusion through NDR bypass deployment without affecting the company's own business, ensuring the continuity of the company's business and consolidating its established security operation center to help it realize the intelligent closed loop of "detection and response" at the network layer.

In the future, Tencent Security will continue to combine its more than 20 years of practical experience against black and gray market activity and the top technical capabilities of the security laboratory, continue to invest in research and development, continue to innovate and upgrade NDR products, and help customers realize a one-stop process of advanced threat detection, analysis, traceability, and response, and jointly safeguard industrial security.

Tencent Security NDR is a core product under Tencent's "SOC+ Security Operation System". "SOC+ security operation system" is a new concept launched by Tencent Security for the digital transformation of industries, emphasizing the establishment of a closed-loop security operation system of "intelligence-attack-defense-service-ecology" based on threat intelligence operations and offensive and defensive confrontation.

Currently, Tencent SOC+ integrates four major product matrices: TIX Threat Intelligence Center, SOC Security Operation Platform, NDR Network Threat Detection and Response, and MDR Security Operation Services, which can support government and enterprise organizations to establish a security operation system integrating technology, personnel, and processes, to comprehensively improve security protection capabilities and security operation efficiency.

Source *1: Gartner, Emerging Tech: Security — Adoption Growth Insights for Network Detection and Response, Nat Smith et al., 4 April 2023

Source *2: Gartner, Emerging Tech: Top Use Cases for Network Detection and Response, Nat Smith et al., 5 April 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
