What NDR does
NDR solutions analyse network traffic patterns to identify anomalous behaviour indicative of cyberattacks. Unlike traditional perimeter security, NDR provides visibility into lateral movement within a network, detecting threats that have already bypassed initial defences. NDR often incorporates anomaly detection, behavioural analysis, and machine learning to identify suspicious activity that might be missed by signature-based systems. NDR is a key component of extended detection and response (XDR) strategies, providing network-level context to enhance threat detection and response capabilities.
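The paragraph above describes NDR at the level of outcomes (baseline normal east-west traffic, flag deviations that look like lateral movement). The following Python block is an added illustration of that idea and is not code from the page or from any NDR vendor: it baselines which internal (source, destination, port) pairs each host normally uses, then alerts when a host suddenly fans out to several previously unseen internal hosts on administrative ports. The flow records, address ranges, port list and fan-out threshold are all constructed for the example; a real NDR product would learn these from weeks of traffic rather than a handful of lines.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Address space treated as "inside the network" (constructed for this example).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Ports commonly used for remote administration (SSH, SMB, RDP, WinRM). A
# workstation fanning out to peers on these is the kind of pattern an NDR
# baseline is built to notice.
ADMIN_PORTS = {22, 445, 3389, 5985}


def parse_flow(line):
    """Parse one constructed flow record: '<timestamp> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def is_internal(ip):
    """True when the address falls inside one of the internal ranges above."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def build_baseline(flows):
    """Map each source host to the (dst, dport) pairs it is known to talk to."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f["src"]].add((f["dst"], f["dport"]))
    return baseline


def detect_lateral_movement(baseline_lines, window_lines, fanout_threshold=3):
    """Return one alert per source host that opened >= fanout_threshold new
    internal connections on administrative ports during the observation window."""
    baseline = build_baseline(parse_flow(line) for line in baseline_lines)
    new_pairs = defaultdict(set)
    for f in (parse_flow(line) for line in window_lines):
        if not (is_internal(f["src"]) and is_internal(f["dst"])):
            continue  # east-west traffic only; north-south is out of scope here
        if f["dport"] not in ADMIN_PORTS:
            continue
        if (f["dst"], f["dport"]) in baseline[f["src"]]:
            continue  # already part of this host's normal pattern
        new_pairs[f["src"]].add((f["dst"], f["dport"]))
    alerts = []
    for src, pairs in sorted(new_pairs.items()):
        if len(pairs) >= fanout_threshold:
            alerts.append({"src": src, "new_pairs": len(pairs),
                           "destinations": sorted(pairs)})
    return alerts


# Constructed "learning" period: a workstation talking to a file server and an
# intranet site, and an admin jump host that legitimately uses RDP widely.
BASELINE_LOG = [
    "2024-05-01T09:00:00Z 10.0.1.20 10.0.0.5 445 tcp",
    "2024-05-01T09:00:05Z 10.0.1.20 10.0.0.10 443 tcp",
    "2024-05-01T09:01:00Z 10.0.9.9 10.0.1.21 3389 tcp",
    "2024-05-01T09:01:10Z 10.0.9.9 10.0.1.22 3389 tcp",
]

# Constructed observation window: the workstation starts reaching peer
# workstations on SMB, RDP and WinRM, which it never did before.
WINDOW_LOG = [
    "2024-05-02T14:00:00Z 10.0.1.20 10.0.0.5 445 tcp",    # known pair, ignored
    "2024-05-02T14:00:01Z 10.0.1.20 10.0.1.21 445 tcp",   # new
    "2024-05-02T14:00:02Z 10.0.1.20 10.0.1.22 445 tcp",   # new
    "2024-05-02T14:00:03Z 10.0.1.20 10.0.1.23 3389 tcp",  # new
    "2024-05-02T14:00:04Z 10.0.1.20 10.0.1.24 5985 tcp",  # new
    "2024-05-02T14:00:05Z 10.0.1.20 8.8.8.8 53 udp",      # external, out of scope
    "2024-05-02T14:05:00Z 10.0.9.9 10.0.1.30 3389 tcp",   # one new target, below threshold
]

if __name__ == "__main__":
    for alert in detect_lateral_movement(BASELINE_LOG, WINDOW_LOG):
        print(alert)
```

Running the block reports a single alert for 10.0.1.20 with four new administrative-port destinations, while the jump host 10.0.9.9 stays quiet because one new RDP target is within its normal spread. The threshold and the per-host baseline are what keep the signature-free approach from paging on every new connection; tuning them against real traffic is most of the work in deploying such a control.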
NDR in Microsoft and AU
In Microsoft 365 environments, Defender for Identity (formerly Azure ATP) provides a degree of NDR functionality, specifically focusing on Active Directory traffic analysis. Many AU mid-market organisations supplement this with third-party NDR solutions like Darktrace or ExtraHop, particularly those with more complex network architectures or heightened regulatory obligations. Given the ACSC Essential Eight’s emphasis on network segmentation and monitoring, NDR aligns with mitigation strategy 4. Organisations subject to APRA CPS 234 or CPS 230 may find NDR valuable for identifying and responding to threats targeting critical systems. The Notifiable Data Breaches scheme further reinforces the need for robust network monitoring capabilities.