The once-futuristic vision of a hyper-connected world is now our reality.
Undoubtedly, digital transformation has contributed to unprecedented levels of efficiency, innovation, and global integration in the enterprise tech landscape.
However, as our reliance on technology surges, the dangers posed by cybercriminals have also increased. A 2023 FS-ISAC report reveals that cyber incidents have increased by 15% year over year, with Asia-Pacific organisations experiencing an average of nearly 1,963 attacks per week. This troubling trend is expected to persist well into 2024. As a regional hub for innovation and technology, Singapore is especially vulnerable to these risks, as shown by the increasing number of reported cybercrime incidents.
Traditional security solutions often feel like putting a band-aid on a bullet wound, as today’s cybercriminals continue wielding more advanced tools and tactics.
The question then becomes: How can enterprises stand a chance?
The critical role of AI-driven NDR
Network detection and response (NDR) is a relatively new term for a concept that has been enhancing cybersecurity for about 20 years, and it now occupies a central place in modern cybersecurity.
Consider the inherent limitations in some of the most used “traditional” cyber defence measures. Firewalls, for instance, while excelling at securing the network perimeter from external threats, may stumble in mitigating attacks originating from within the network. Similarly, it’s common for endpoint detection and response (EDR) systems to completely overlook network-connected equipment on which no agent can be installed, leading to significant security gaps. Such equipment includes devices brought in under bring-your-own-device policies, industrial systems, printers, network components, and surveillance cameras.
These limitations underscore the role of NDR, as it can provide organisations with a more holistic view of the network. NDR systems use sophisticated algorithms to analyse network traffic for unusual activity and deviations from normal network behaviour, catching threats that might slip past other preventative measures. Enhanced by the adaptive capabilities of AI, today’s NDR can autonomously sift through vast amounts of network data, offering advanced threat detection and response capabilities for modern networks.
Why NDR needs IDS and vice versa
Another technology, intrusion detection systems (IDS), also monitors network traffic. However, unlike NDR, IDS compares traffic against a database of known threat signatures — specific patterns or sequences of data associated with malicious activity. A key limitation of this approach is the reliance on regular signature database updates to remain effective against newer, unknown threats or evolving attacks designed to evade detection.
Nevertheless, when combined with NDR, IDS becomes considerably more effective. Collaborative deployment with NDR broadens detection capabilities across the entire network, including east-west traffic, and helps in identifying and mitigating insider threats that can cause substantial harm.
The combination of these technologies improves threat detection. NDR can uncover previously unknown indicators of compromise (IOCs), while IDS can identify specific malicious code. This combined approach allows for the recognition of a wider range of both known and unknown threats and provides a better understanding of their nature.
For organisations, this understanding can aid in strategising defence responses and taking more focused remedial actions. This approach can help minimise the impact on unaffected systems and users.
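To make the division of labour described above concrete, here is a small added example (not code from the article or from any product it refers to) that runs both detection styles over a handful of constructed flow records: a signature check in the style of a signature-based IDS, and a per-host behavioural baseline in the style of NDR. The flow records, the two signature strings, the baseline history and the z-score threshold are all constructed for illustration; a real IDS rule set and a real NDR baseline are far richer than this.

```python
"""Toy side-by-side of signature-based (IDS-style) and behavioural (NDR-style)
detection over constructed network flow records. Added example, not the
article's own code; every value below is constructed for illustration."""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass
class Flow:
    src: str          # source host (constructed private address)
    dst: str          # destination (constructed documentation-range address)
    bytes_out: int    # bytes sent by src in this flow
    payload: bytes    # first bytes of the application payload


# Constructed signature set: (rule name, byte pattern). Stands in for a real
# IDS rule database, which must be updated to stay current (the text's point).
SIGNATURES: List[Tuple[str, bytes]] = [
    ("demo-webshell-cmd", b"cmd=whoami"),
    ("demo-beacon-ua", b"User-Agent: demo-implant/1.0"),
]


def signature_matches(flow: Flow) -> List[str]:
    """IDS-style check: names of known patterns found in the payload."""
    return [name for name, pattern in SIGNATURES if pattern in flow.payload]


def build_baseline(history: List[Flow]) -> Dict[str, Tuple[float, float]]:
    """NDR-style baseline: (mean, stdev) of bytes_out per source host,
    learned from flows assumed to represent normal activity."""
    per_host: Dict[str, List[int]] = {}
    for f in history:
        per_host.setdefault(f.src, []).append(f.bytes_out)
    return {host: (mean(v), pstdev(v)) for host, v in per_host.items()}


def behavioural_anomalies(flow: Flow, baseline: Dict[str, Tuple[float, float]],
                          z_threshold: float = 3.0) -> List[str]:
    """Flag a flow whose outbound volume sits far above its host's baseline,
    or whose source host never appeared while the baseline was built.
    No signature is needed, which is how previously unknown IOCs surface."""
    if flow.src not in baseline:
        return ["unknown-host"]
    mu, sigma = baseline[flow.src]
    if sigma == 0:  # constant history: any change at all is a deviation
        return ["volume-deviation"] if flow.bytes_out != mu else []
    z = (flow.bytes_out - mu) / sigma
    return ["volume-deviation"] if z > z_threshold else []


def analyse(flows: List[Flow], baseline: Dict[str, Tuple[float, float]]) -> List[dict]:
    """Combine both views per flow. A signature hit names the threat
    ('known-threat'); a behavioural hit alone is 'suspicious-behaviour'."""
    results = []
    for f in flows:
        sig = signature_matches(f)
        beh = behavioural_anomalies(f, baseline)
        verdict = "known-threat" if sig else ("suspicious-behaviour" if beh else "benign")
        results.append({"src": f.src, "dst": f.dst, "signatures": sig,
                        "behaviour": beh, "verdict": verdict})
    return results


# Constructed "normal" history used to learn the baseline.
BASELINE_HISTORY = [Flow("10.0.0.5", "203.0.113.9", b, b"GET / HTTP/1.1\r\n")
                    for b in (1000, 1200, 1100, 1300, 1400)]
BASELINE_HISTORY += [Flow("10.0.0.7", "203.0.113.9", 500, b"GET / HTTP/1.1\r\n")
                     for _ in range(3)]

# Constructed flows to analyse: one benign, one caught only by signature,
# one caught only by behaviour, one from a host never seen before.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.9", 1250, b"GET / HTTP/1.1\r\nHost: example.com\r\n"),
    Flow("10.0.0.7", "203.0.113.9", 500, b"POST /upload.php HTTP/1.1\r\n\r\ncmd=whoami"),
    Flow("10.0.0.5", "198.51.100.20", 50_000_000, b"\x16\x03\x01"),
    Flow("10.0.0.99", "198.51.100.20", 800, b"GET / HTTP/1.1\r\n"),
]


def run_demo() -> List[dict]:
    """Build the baseline from history and analyse the sample flows."""
    return analyse(SAMPLE_FLOWS, build_baseline(BASELINE_HISTORY))


if __name__ == "__main__":
    for r in run_demo():
        print(r)
```

The second flow has a perfectly normal volume, so only the signature catches it; the third carries no known pattern, so only the baseline deviation catches it. Neither detector alone would have produced both verdicts, which is the complementarity the text argues for. In practice the behavioural side would model many more features than outbound bytes (peer sets, ports, timing, protocol fields), and the thresholds would be tuned per environment rather than fixed.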
The synergy of NDR and IDS for complete network security
Amidst the escalating threats, key findings from CSA’s first Singapore Cybersecurity Health Report show that local organisations recognise the importance of cybersecurity and are taking steps to protect themselves. These organisations have adopted, on average, about 70% of essential cybersecurity measures. However, CSA advocates for complete adoption to avoid being vulnerable to unnecessary cyber risks.
Integrating AI-powered NDR and traditional signature-based IDS is a step in this direction. This combined approach provides security teams with broader network visibility, including in cloud environments, and helps in addressing a wider range of threats.
The key is to fill any existing gaps in the network and enhance security layers to detect anything that might slip through the cracks.