---
title: "Q&A on Network Detection and Response (NDR)"
id: "24837"
type: "post"
slug: "qa-on-network-detection-and-response-ndr"
published_at: "2021-09-23T20:01:16+00:00"
modified_at: "2025-10-30T15:14:27+00:00"
url: "https://stellarcyber.ai/qa-on-network-detection-and-response-ndr/"
markdown_url: "https://stellarcyber.ai/qa-on-network-detection-and-response-ndr.md"
excerpt: "What is NDR? Today’s network detection and response (NDR) has a long history, evolving out of network security and network traffic analysis (NTA). The historical definition of network security is to use a perimeter firewall and Intrusion Prevention Systems to..."
taxonomy_category:
  - "AI-driven security"
  - "Application Security"
  - "Cyberattacks"
  - "Cybersecurity"
  - "IT technology"
  - "NDR"
  - "Network Security"
  - "Network Traffic Analysis"
  - "Open XDR"
  - "Open XDR Platform"
---

**What is NDR?** Today’s **[network detection and response](https://stellarcyber.ai/platform/capabilities-ndr/) ([NDR](https://stellarcyber.ai/platform/capabilities-ndr/))** has a long history, evolving out of network security and **network traffic analysis (NTA)**. Historically, network security meant using a perimeter firewall and Intrusion Prevention Systems to screen traffic coming into the network. As IT and security technology have evolved, the definition has become much broader, because modern attacks leverage more complex approaches.

Today, network security is everything a company does to ensure the security of its networks, and everything connected to them. This includes the network, the cloud (or clouds), endpoints, servers, IoT, users and applications. **Network security** products seek to use physical and virtual preventive measures to protect the network and its assets from unauthorized access, modification, destruction and misuse.

**Why is NDR important?** [NDR](https://stellarcyber.ai/platform/capabilities-ndr/) is important because the network is the backbone of the IT infrastructure, and every user and device is connected to it—it’s the single source of truth if you can see into the traffic in a meaningful way. Traffic from all your systems, including endpoints, servers, applications and internet, must pass over the network, so the network is the logical source of true information about security exploits, and [NDR](https://stellarcyber.ai/platform/capabilities-ndr/) is the tool that captures that information.

There are a lot of security tools that cover endpoints, applications like e-mail, and servers, but analyzing data and logs from these tools is not enough to thwart today’s attacks. If there is one important thing to know about the network, it’s that it doesn’t lie. That’s why NDR completes an organization’s journey to **Everything Detection and Response** (i.e., [XDR](https://stellarcyber.ai/platform/what-is-open-xdr/)) alongside Endpoint Detection and Response (i.e., EDR) for endpoint data and **[SIEM](https://stellarcyber.ai/enterprise/ng-siem-use-cases/)** for security tool logs. Specifically, [NDR](https://stellarcyber.ai/platform/capabilities-ndr/) sees what the endpoints and other logs don’t see (the entire network: devices, SaaS applications, user behavior), acts as the true data set and enables real-time responses.

**How does NDR work?** [NDR](https://stellarcyber.ai/platform/capabilities-ndr/) solutions detect suspicious traffic or activities by combining non-signature-based techniques (for example, [machine learning](https://stellarcyber.ai/how-ai-and-machine-learning-improve-enterprise-cybersecurity/) or other analytical techniques) for unknown attacks with quality signature-based techniques (for example, threat intel fused in-line for alerts) for known attacks. [NDR](https://stellarcyber.ai/platform/capabilities-ndr/) can ingest data from dedicated **sensors**, existing firewalls, IPS/IDS, metadata from **NetFlow**, or any other network data source, assuming strategic placement of sensors and/or other network telemetry. Both north/south traffic and east/west traffic should be monitored, as well as traffic in both physical and virtual environments. All data is collected and aggregated in a central data lake, enriched with context such as [Threat Intelligence](https://stellarcyber.ai/platform/platform-threat-intelligence/), host name and/or user information, then processed by an advanced [AI engine](https://stellarcyber.ai/product/stellar-cyber-multi-layer-ai/) to detect suspicious traffic patterns and raise alerts.
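The pipeline described above, sketched as an added example (not Stellar Cyber's code and not part of the original post): constructed flow records are enriched with threat intelligence, host name and traffic direction, then checked by a signature-style intel match and by a simple per-host z-score baseline that stands in for the non-signature analytics. All names, addresses and the threshold are assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# All data below is constructed for illustration (RFC 1918 / RFC 5737 addresses).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
THREAT_INTEL = {"203.0.113.66": "constructed bad-reputation indicator"}
HOSTNAMES = {"10.0.1.5": "ws-finance-01", "10.0.2.9": "db-01"}
FLOWS = [  # (hour, src, dst, dst_port, bytes), as a flow exporter might report
    (1, "10.0.1.5", "198.51.100.10", 443, 12_000),
    (2, "10.0.1.5", "198.51.100.10", 443, 11_000),
    (3, "10.0.1.5", "10.0.2.9", 5432, 13_000),
    (4, "10.0.1.5", "198.51.100.10", 443, 12_500),
    (5, "10.0.1.5", "10.0.2.9", 5432, 11_500),
    (6, "10.0.1.5", "203.0.113.66", 443, 12_200),
    (7, "10.0.1.5", "10.0.2.9", 445, 9_000_000),
]

def direction(src, dst):
    """east/west if both ends are internal, otherwise north/south."""
    inside = [ipaddress.ip_address(a) in INTERNAL for a in (src, dst)]
    return "east/west" if all(inside) else "north/south"

def enrich(flow):
    """Attach the context the detections need: direction, host name, intel."""
    hour, src, dst, port, nbytes = flow
    return {"hour": hour, "src": src, "dst": dst, "port": port, "bytes": nbytes,
            "direction": direction(src, dst),
            "src_host": HOSTNAMES.get(src, "unknown"),
            "intel": THREAT_INTEL.get(dst)}

def detect(flows, z_threshold=3.0):
    alerts, history = [], defaultdict(list)  # history: bytes per source so far
    for rec in map(enrich, flows):
        if rec["intel"]:  # signature-based: destination is a known indicator
            alerts.append(("threat-intel-match", rec))
        past = history[rec["src"]]
        if len(past) >= 5:  # non-signature: deviation from the host's baseline
            mu, sigma = mean(past), pstdev(past)
            if sigma > 0 and (rec["bytes"] - mu) / sigma > z_threshold:
                alerts.append(("volume-anomaly", rec))
        past.append(rec["bytes"])
    return alerts

if __name__ == "__main__":
    for kind, rec in detect(FLOWS):
        print(kind, rec["src_host"], "->", rec["dst"], rec["direction"])
```

The two alerts come from different detection paths: the intel match fires on a flow whose volume looks normal, and the volume anomaly fires on east/west traffic that no indicator list would flag.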

Once alerts are triggered, the analyst or [NDR](https://stellarcyber.ai/platform/capabilities-ndr/) solution must respond. Response is the critical counterpart to detection and is fundamental to [NDR](https://stellarcyber.ai/platform/capabilities-ndr/). Common elements of [NDR](https://stellarcyber.ai/platform/capabilities-ndr/) include automatic responses, such as sending commands to a [firewall](https://stellarcyber.ai/enterprise/firewall-traffic-analyzer/) to drop suspicious traffic or to an **EDR** tool to quarantine an affected endpoint, and manual responses, such as providing threat hunting or incident investigation tools.

**How do you integrate NDR with other security tools?** NDR tools integrate with other security tools through application programming interfaces (APIs) provided by the [NDR](https://stellarcyber.ai/platform/capabilities-ndr/) vendor. Of course, if you’re using Stellar Cyber’s [Open XDR platform](https://stellarcyber.ai/partners/open-xdr-ecosystem/), [NDR](https://stellarcyber.ai/platform/capabilities-ndr/) is already integrated into it, along with a next-generation [SIEM](https://stellarcyber.ai/platform/capabilities-ng-siem/) and threat intelligence.

