FutureCISO

The benefits of AI-powered Network Detection and Response

by Melinda Baylon
September 5, 2025

As online threats become more sophisticated, traditional threat detection may struggle to identify them and may generate a high volume of false positives.

Relying on traditional tools alone may no longer be sufficient. While endpoint security solutions remain vital in protecting businesses against cyber threats, Pavel Minarik, VP of Product Security at Progress Software, notes that there are some factors to consider when relying solely on them for full endpoint coverage.

This is where Network Detection and Response (NDR) comes into play.

Importance of NDR

Palo Alto Networks defines NDR as a technology that identifies and stops evasive network threats that traditional tools may miss, especially those that known attack patterns or signatures cannot identify.

Since emerging in the early 2010s, NDR has become instrumental in identifying unusual traffic indicating command and control, lateral movement, exfiltration, and malware activity.

"Threat actors are continuously developing techniques on how to disable or circumvent endpoint protection solutions," Minarik said.

He added that NDR plays a crucial role as a second line of defence, identifying threats and enabling remediation promptly.

Minarik underscores a key point: "Always ask yourself what you are going to do when prevention fails."

Beyond bypassing endpoint protections, coverage gaps present another challenge: "A typical enterprise environment is composed of various systems, devices such as IoT and endpoints that do not allow installing an agent."

He emphasised that endpoint protection solutions commonly cover around 50% of devices. With half of the devices left unprotected, Minarik noted that NDR is the only option left to defend them against threat actors.

LLM-powered NDR features

According to Minarik, AI-powered NDR goes beyond signature-based detection. It uses various AI techniques, such as machine learning, heuristics, or behavioural analysis; he explained that these algorithms sift through millions of records representing network sessions and look for malicious behaviour. This advanced AI capability significantly enhances the accuracy and speed of threat detection in NDR systems.

Minarik explained that NDR systems are typically passive and invisible from a network perspective, allowing them to comprehensively monitor both inbound and outbound (north-south) traffic as well as internal (east-west) traffic.

"NDR technology was developed as a reaction to the limited usability of traditional signature-based Intrusion Detection Systems, addressing the exponential growth of the network traffic, the adoption of encryption and being able to find malicious behaviour without signatures," he said.

Minarik emphasised that top-class NDR systems combine various detection techniques, including signatures, to inspect the network traffic from different angles and provide comprehensive detection capabilities.

More recently, Minarik noted that LLM-powered features are now being integrated into NDR tools to mimic the work of junior analysts. These tools can perform basic triage, prioritisation, summarisation or recommendations of remediation steps, "making human security analysts more efficient," he emphasised.

Benefits of AI-powered NDR

Enterprises that implement AI-powered NDR effectively can reap its benefits.

"Main security outcomes are advanced threat detection, threat response and improved visibility. NDR can detect anomalous behaviour and zero-day threats that traditional signature-based systems might miss," he explained.

He added that AI-powered NDR can automatically correlate alerts, prioritise them based on risk, and recommend or even initiate predefined response actions.

Moreover, Minarik explained that deep insights into east-west traffic enable the discovery of lateral movement within the network. It can also provide an audit trail of any network sessions with months of historical data.

"This goes hand in hand with operational efficiency," he added. "Correlation and prioritisation help to reduce the alert fatigue, and analysts can focus on high-impact incidents. Automated or assisted investigations reduce mean time to respond."

According to the Progress executive, NDR can augment and streamline security operations by integrating with Security Information and Event Management (SIEM) or Security Orchestration, Automation, and Response (SOAR) systems.

NDR democratisation

Minarik stated that NDR initially aimed to address the needs of large enterprises. However, he noticed NDR solutions have become more accessible over the last 5 years.

"We have seen significant democratisation of the NDR market with many new players entering this space and providing offerings tailored to the needs and budgets of medium-sized organisations."

Supporting this trend, recent research indicates that the global NDR market is projected to reach USD 3.46 billion by 2025, growing at a compound annual growth rate (CAGR) of 16.5% from 2025 to 2032.

"Globally, including the APAC region, NDR is still not a mainstream technology, but solutions are available and adoption is growing," he said.

In Asia Pacific, the NDR market was valued at USD 1.1 billion in 2024. Projections show that it will reach USD 3.5 billion by 2023, growing at a CAGR of 15.5% from 2026 to 2033.

According to Verified Market Reports, several factors are driving the growth of the NDR market in the region, including the increasing number of cyberattacks, such as ransomware and zero-day exploits.

Moreover, digital transformation initiatives, the growing adoption of cloud technologies and IoT devices, as well as regulatory mandates and compliance requirements, drive the NDR market growth in APAC.

"The integration of AI and behavioural analytics within NDR platforms enhances threat detection accuracy and reduces response times. Rising cybersecurity awareness and budget allocations in enterprises and governments are strengthening market growth, making NDR a vital part of the overall security ecosystem," according to the same report.

Deploying an AI-powered NDR solution

Minarik advises those who want to deploy an AI-powered NDR solution to start with a proof of concept. This involves testing the NDR solution in a controlled environment to ensure that it fits well with the organisation's network infrastructure and security needs.

He also recommends considering the requirements for network sensors, their performance characteristics, and capacity when choosing a vendor.

Given the complexity of modern networks, he urges organisations to ensure that NDR solutions can cover all their on-premises, private, and public cloud infrastructure. Furthermore, he stated that NDR solutions should also provide a comprehensive and consolidated view of network traffic.

"Don't rush the implementation, take a step-by-step approach," Minarik stressed.

He cautions against hastily deciding on implementing NDR: "Reserve time for implementation and tuning the system properly, don't fall for marketing claims such as 'no tuning required'."

According to Minarik, organisations must ensure the operationalisation of NDR solutions and have a process in place for responding to a detected threat, "either through automation or manually at first."

The benefits of AI-powered NDR

Projections reveal that with continuous innovation and evolving cyber threats, "the future scope of the Asia Pacific NDR market looks promising."

As the threat landscape evolves, so must defences. AI-powered NDR, when intentionally implemented within an organisation, can help strengthen the long-term security posture while enhancing operational efficiency and reducing workforce burnout.

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl
