Why NDR is Essential for NIST Zero Trust Architecture

October 22, 2020
Jonathan Barrett
MXDR Security Analyst
Why NDR is Essential for NIST Zero Trust Architecture

NIST's publication about Zero Trust Architecture goes live

Zero trust (ZT) is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.”

     – NIST

Last year, I wrote about the National Institute for Standards and Technology (NIST) draft publication for the Zero Trust Architecture (NIST SP 800-207), or ZTA.

I am now glad to share that this document has been finalized after external public review. It does a great job of summarizing the key components of ZTA and the problem it sets out to solve. NIST writes:

“Traditionally, agencies (and enterprise networks in general) have focused on perimeter defense and authenticated subjects are given authorized access to a broad collection of resources once on the internal network. As a result, unauthorized lateral movement within the environment has been one of the biggest challenges for federal agencies.”

Due to an increasingly mobile and remote workforce alongside the rapid expansion of cloud services, modern enterprises are undergoing massive changes. As a result, traditional network security tools that depend on visibility at endpoints of on-premises networks—like intrusion detection and prevention systems (IDPS)—are becoming obsolete.

Benefits of NDR for NIST Zero Trust Architecture

Adopting a Zero Trust security paradigm, one that focuses on protecting resources (assets, services, workflows, accounts) and not network segments, has become a more popular approach.

ZTA relies heavily on continuous and accurate monitoring of the interactions between these resources on the network to evaluate and control access based on their behaviors. In fact, as noted in the NIST report, “An enterprise implementing a ZTA should establish a continuous diagnostics and mitigation (CDM) or similar system.”

With a CDM, or network detection and response (NDR), security analysts can answer questions like:

  • What devices, applications and services are connected to the network and being used by the network?
  • What users and accounts, including service accounts, are accessing the network?
  • What traffic patterns and messages are exchanged over the network?

The ability to address these questions underlines the importance of organizations to have visibility into all actors and components on their network so they can monitor and detect threats.

Vectra AI's compliance in NIST's Zero Trust Architecture model

Vectra AI is the only U.S.-based FIPS-compliant NDR on the Department of Homeland Security CDM approved products list that uses artificial intelligence (AI). Our AI includes deep learning and neural networks to give visibility in large-scale infrastructures by continuously monitoring all network traffic, relevant logs, and cloud events.

The Vectra AI Platform can detect advanced attacks as they are happening in all traffic, from cloud/SaaS and data center workloads to user and IoT devices. We do this by extracting metadata from all packets and logs without requiring decryption. Every IP-enabled device and account on the network is identified and tracked, extending visibility to servers, laptops, printers, BYOD, and IoT devices in addition to all operating systems and applications.

The Vectra AI Platform scores all identities in the platform with the same criteria as hosts. This allows you to see the observed privileges in your system as opposed to the static assigned privilege.

We applaud NIST for highlighting the importance of an NDR solution as a key part of any ZTA. At Vectra AI, we’re proud to offer a turnkey NDR solution that empowers organizations on their journey to implement modern security architecture.

To learn more, check out our interactive demo or explore our product page.


What is Network Detection and Response (NDR)?

NDR is a cybersecurity solution that monitors network traffic to detect and respond to threats in real-time.

How does NDR improve network visibility?

NDR improves network visibility by analyzing all traffic and identifying suspicious activities and anomalies.

What are the components of NIST Zero Trust Architecture?

Components include continuous monitoring, identity verification, and enforcing least privilege access.

What are the benefits of automated threat detection?

Automated threat detection ensures faster response times and reduces the risk of breaches.

What is the role of machine learning in NDR?

Machine learning enhances NDR by analyzing patterns and detecting anomalies, leading to proactive threat management.

Why is NDR critical for Zero Trust Architecture?

NDR provides continuous monitoring and accurate detection, key for enforcing Zero Trust principles.

How does Vectra AI implement NDR?

Vectra AI implements NDR by using machine learning to detect threats and provide actionable insights.

How does NDR help with compliance?

NDR supports compliance by providing detailed logs and automated responses to security incidents.

How does NDR integrate with other security tools?

NDR integrates with other security tools to provide a comprehensive security posture and streamline incident response.

What challenges does NDR address in Zero Trust Architecture?

NDR addresses challenges such as lateral movement detection and visibility into encrypted traffic.