On May 12, 2021, the president of the United States released an executive order on cyber security. The order contained prescriptive actions for compliance as the executive branch responded to the “persistent and increasingly sophisticated malicious cyber campaigns” and their resulting impact on business and public life. But much of the document is more declarative and focused on desired outcomes tied to the overall directive to modernize and improve the nation’s cybersecurity posture, narrowing in on the need for early detection of threats and vulnerabilities. As both public and private organizations look to comply with the order, many are wondering how to identify and fill the gaps within their security stack.
Endpoint detection and response (EDR), multi-factor authentication (MFA), and the need for increased encryption, while implementing a zero-trust approach, were all called out as requirements within the order. Also cited is the directive to follow the National Institute of Standards and Technology (NIST) guidance when modernizing networks within a zero-trust architecture (see NIST Special Publication 800-207). But organizations did not receive the same level of prescriptive guidance across the entirety of the order. As organizations look to build compliance and improve the early detection of vulnerabilities and incidents by employing “all appropriate resources and authorities,” as stated in Section 7(a), there is room for interpretation, beyond EDR, on how to meet this executive declaration.
In a recent whitepaper, “NDR as the Cornerstone for Visibility and Threat Detection to Support the Executive Order on Cybersecurity,” the Enterprise Strategy Group (ESG) took a look at the order and noted a common theme – the need for network detection and response (NDR). ESG also cited research that shows that many organizations are already on this path, with 43% of surveyed participants using network-centric detection technologies such as network traffic analysis (NTA) or, more specifically, NDR as a first line of defense when it comes to threat detection.
[See figure 1]
While the term NDR is relatively new, the technology is not. NDR is the evolution of the long-standing NTA market. It emerged to focus on the increased need for visibility and early threat detection in the highly distributed network. NDR solutions apply a combination of non–signature-based advanced analytical techniques such as behavioral modeling and machine learning to network traffic and flow records to alert on anomalous behavior and malicious activities within the network. NDR further increases SecOps teams’ effectiveness by providing response capabilities to act upon alerts through integrations with network access control (NAC) solutions, firewalls, security orchestration, automation, and response (SOAR) tools, or EDR solutions. More recently, as organizations are looking to extend automated responses within a platform, NDR is specifically called on as a critical component of extended detection and response (XDR).
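To make the analytical side of that description concrete, here is an added, self-contained example (not code from Cisco, ESG or the whitepaper) of the kind of non-signature logic an NDR engine applies to flow records: it learns a per-host baseline from a constructed set of "normal" flows (which peers and ports each host talks to, and the byte volume it sends per service) and then scores a new observation window for deviations. The hosts, addresses, byte counts and the z-score threshold are all assumptions chosen for the illustration.

```python
"""Baseline-and-deviation scoring over flow records, in the style of NDR/NTA.

All flows below are constructed for the example; the 3-sigma threshold is an
assumption, not a recommendation from the text.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """Minimal NetFlow-like record: who talked to whom, on which port, how much."""
    src: str
    dst: str
    dport: int
    bytes_out: int


@dataclass
class HostProfile:
    """What the baseline window taught us about one source host."""
    peers: set = field(default_factory=set)            # destinations seen
    ports: set = field(default_factory=set)            # destination ports seen
    byte_samples: dict = field(default_factory=lambda: defaultdict(list))  # dport -> bytes


# Constructed baseline window: a week of routine traffic from two internal hosts.
BASELINE_FLOWS = (
    [Flow("10.0.0.5", "10.0.0.20", 443, b) for b in (1200, 1400, 1100, 1300, 1250, 1350, 1150)]
    + [Flow("10.0.0.5", "10.0.0.21", 53, b) for b in (90, 110, 100, 95, 105, 98, 102)]
    + [Flow("10.0.0.7", "10.0.0.20", 443, b) for b in (2000, 2100, 1900, 2050, 1950, 2080, 1980)]
)

# Constructed observation window: two routine flows and two that should stand out.
NEW_FLOWS = [
    Flow("10.0.0.5", "10.0.0.20", 443, 1280),            # routine web traffic
    Flow("10.0.0.5", "10.0.0.21", 53, 97),               # routine DNS
    Flow("10.0.0.5", "203.0.113.9", 443, 950_000_000),   # huge transfer to a never-seen peer
    Flow("10.0.0.7", "10.0.0.30", 445, 2000),            # port this host has never used
]


def build_profiles(flows):
    """Learn one HostProfile per source host from the baseline window."""
    profiles = {}
    for f in flows:
        p = profiles.setdefault(f.src, HostProfile())
        p.peers.add(f.dst)
        p.ports.add(f.dport)
        p.byte_samples[f.dport].append(f.bytes_out)
    return profiles


def score_flow(flow, profiles, z_threshold=3.0):
    """Return the list of reasons a flow deviates from its host's baseline (empty = normal)."""
    reasons = []
    p = profiles.get(flow.src)
    if p is None:
        return ["unknown source host"]
    if flow.dst not in p.peers:
        reasons.append("new peer")
    if flow.dport not in p.ports:
        reasons.append("new destination port")
    samples = p.byte_samples.get(flow.dport)
    if samples and len(samples) >= 2:
        mu, sigma = mean(samples), pstdev(samples)
        sigma = sigma or 1.0          # guard against a perfectly flat baseline
        z = (flow.bytes_out - mu) / sigma
        if z > z_threshold:
            reasons.append(f"byte volume z={z:.1f}")
    return reasons


def detect(flows, profiles):
    """Score a window of flows; keep only those with at least one reason."""
    alerts = []
    for f in flows:
        reasons = score_flow(f, profiles)
        if reasons:
            alerts.append((f, reasons))
    return alerts


if __name__ == "__main__":
    for flow, reasons in detect(NEW_FLOWS, build_profiles(BASELINE_FLOWS)):
        print(f"{flow.src} -> {flow.dst}:{flow.dport} ({flow.bytes_out} B): {', '.join(reasons)}")
```

Two design points carry over to real deployments: baselines are keyed per host and per service, because mixing a host's DNS and HTTPS volumes into one distribution hides exactly the outliers you want to see; and each alert carries its reasons, which is what makes the response integrations the text mentions (NAC, firewall, SOAR, EDR) actionable rather than a bare "anomalous" flag.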
In the whitepaper “NDR as the Cornerstone for Visibility and Threat Detection to Support the Executive Order on Cybersecurity,” ESG takes a deeper look at the emergence of NDR as “an essential component of any threat detection and response program” and cites how this sometimes “overlooked” technology supports the executive order. I encourage you to read the entire whitepaper to learn more, but I have summarized my view on five key takeaways below:
Five ways NDR supports the executive order
This executive order, like most orders from leadership, is a call to action. The call extends beyond government entities and those who do business with the government: it signals a new level of government involvement in cybersecurity compliance and governance. The line has been drawn, and we expect that in the current political climate this will lead to increased oversight and guidance. Directives like this are not unwelcome; they can provide a framework for compliance that leads to increased security. And NDR is exactly what is required to fill the gaps in visibility, to enable early threat detection, and to comply with the cybersecurity posture that the executive branch deems necessary to keep our data safe and our networks secure.
Download and read “NDR as the Cornerstone for Visibility and Threat Detection to Support the Executive Order on Cybersecurity” to take a deeper look at the emergence of NDR as “an essential component of any threat detection and response program.”