What is a network defense platform (NDP)?

A network defense platform (NDP) is a new approach to cloud-centric network monitoring and security.

As enterprise networks radically shift their components to accommodate new services, the need to advance security responses grows.

Many organizations find themselves responsible for hybridized networks composed of cloud and on-premises applications, data, devices, infrastructure, and users, especially in IoT environments. This is what Netography CEO Martin Roesch calls the “Atomized Network.”

According to Roesch (whose company Netography is a vendor in the NDP market) many organizations struggle to improve the efficiency of their security teams by streamlining redundancies and silos. In tasking multiple teams to analyze the same or similar issues with different tools or processes, efficiency is sacrificed, and focusing too heavily on a specific vulnerability can blind an organization to other threats. It was these issues that spurred Roesch into action with the development of Snort, a free open-source network intrusion detection and prevention software now owned by Cisco.

Nearly 25 years later, the Network Defense Platform made its debut with advanced network monitoring and protection technology to attempt to address these issues in the cloud.

NDPs utilize enriched metadata to provide comprehensive observability and respond to cyberthreats in real time. Additionally, NDPs offer an alternative to costly hardware-centric solutions for enterprises working within the constraints of legacy architecture. Whether it be to adhere to zero trust policies or gain actionable insight, an NDP offers a diverse toolkit to satisfy a variety of workloads, including:

  • Closing the visibility gaps opened by local and user technologies in the cloud and on-premises
  • Complementing existing monitoring processes through the detection of anomalous activity in environments out of reach of the current tech stack
  • Accelerating compromise detection, threat hunting, and improving true time-to-action
  • Reducing DDoS damage through assessing and improving the efficacy of mitigation tools
  • Monitoring and enforcing governance policies and regulatory requirements at scale
  • Directing flow logs to reduce costs and gain context around events for faster response
  • Validating current infrastructure and configuration for optimization

Since the release of a report on the need for an NDP by the analyst firm Enterprise Strategy Group, many organizations have come forward with their own services. According to the study, 45% of respondents have experienced an increase in threat detection and response workloads, with nearly 53% of respondents planning to use NDP technology, citing low fidelity as a prime attractor.

Vendors in the NDP market include Cynamics, Stellar Cyber, Lumu, MixMode, Netography and Valtix.

Read more of our cloud definitions and explainers here.