Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Summary
Richard Bejtlich argues that Network Detection and Response (NDR) solutions are crucial for security operations teams to effectively answer fundamental incident investigation questions. Despite the availability of extensive telemetry, many teams struggle to determine what happened, gather evidence, and ensure they have a complete view of an incident's context.
IFF Assessment
The article promotes a defensive technology (NDR) that helps security teams improve their incident response capabilities.
Defender Context
This article highlights a persistent challenge in incident response: turning the data already available into an understanding of what happened. Defenders should assess how well their current tools and processes support answering the basic 'what happened' questions during an investigation, and evaluate solutions such as NDR that add network-level visibility and context.