How does Network Detection and Response (NDR) Differ from SIEM?

What are the differences between how NDR and SIEM work to improve network security? What are the pros and cons of each? 
Is it necessary to have both types of tools?

44 Answers

author avatar
Top 5Real User

Your SIEM should receive and process traffic generated by your NDR as well as events from your endpoint protection systems, server event logs, infrastructure device logs and cloud services logs then be able to correlate these data points to highlight suspicious patterns or anomalies.  The SIEMs can then send commands to perimeter and point systems in certain cases to interrupt such activity or just alert to them.

author avatar
Top 5LeaderboardReal User

SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPs etc.) and analyze that data to catch abnormal behavior or potential cyberattacks. SIEM tools offer a central place to collect events and alerts, security data from network devices, servers, domain controllers and more. In a simple way, EDR may be a just another "sensor-type" and "SIEM" stores, normalizes, aggregates, and applies analytics to that data to discover trends, detect threats, and enable organizations to investigate any alerts.

author avatar

NDR is just analysis of network behaviour and forms a part of SIEM strategy. it can only detect anomaly in network traffic flow . SIEM takes logs of network flow also.

author avatar

NDR generate source events from network traffic.
SIEM gethering one or more as well as NDR events AND correlation analysis.
So company need both system

Find out what your peers are saying about Splunk, IBM, Securonix Solutions and others in Security Information and Event Management (SIEM). Updated: May 2021.
479,763 professionals have used our research since 2012.