
Progress All-In on AI, Touts IDS-NDR Integration as a ‘Strategic’ and ‘Necessary Evolution’ in Cybersecurity Defence

Cybersecurity is as much about strategy as it is about technology. Together, they can make a whale of a difference in any organisation’s defence initiative.

John Yang, Vice President, APAC, Progress

And nowadays, robust cybersecurity is undoubtedly a necessity, with cyber attacks becoming more and more frequent. In fact, recent research discovered that as many as 76% of organisations globally were attacked at least once in the past 12 months, with 26% of them attacked at least four times. These are staggering statistics, to say the least, and they underscore why Progress Vice President for APAC, John Yang, thinks the cybersecurity space “will be becoming even more complex”—so much so that organisations will need more than ever “technology that can help them reduce the time to detect and respond to these threats.”

Detecting threats and responding to them is precisely what Network Detection and Response (NDR) and Intrusion Detection Systems (IDS) are designed to do.

An NDR system provides dynamic defence by continuously analysing network patterns and searching for suspicious behaviours, enabling it to identify and respond to various cyber threats, ranging from external attacks to subtle insider concerns. It is particularly vital for detecting the initial stages of attacks, especially those overlooked by traditional solutions. An IDS, on the other hand, examines network traffic and compares it against a database of known threat signatures—specific patterns or sequences of data indicating malicious activity. In case of a match, the IDS sends out an alert for a potential security threat that can be quickly scrutinised by the IT or cybersecurity team.

Yang, however, was quick to point out in an exclusive interview with Cyber Security Asia (CSA) the limitations of traditional IDS: It is less effective against newer, unknown threats or sophisticated attacks designed to evade detection since it relies primarily on pre-defined signatures.

Actually, all traditional systems are essentially limited in this way, especially given the sheer volume of security events and alerts that, according to Yang, may be “overwhelming for the average organisation of today.”

Aside from the sheer number of threats, organisations also need to worry about cybercriminals upgrading their means of attack, to the point that they can now weaponise new exploits just days after they are publicly disclosed. This growing sophistication adds a huge wrinkle to the never-ending fight against cyber attacks and necessitates an upgraded arsenal; otherwise, threat actors will gain the upper hand.

Upgrading the Arsenal with AI

Artificial Intelligence (AI), Yang told CSA, can give that much-needed upgrade, levelling up existing security solutions and remediating their limitations.

“AI-powered security looks like having an intelligent detection engine that applies automated behaviour analysis algorithms to detect anomalies concealed within network traffic. This significantly raises agility in the face of malicious behaviours, attacks against mission-critical applications, data breaches, and other indicators of compromise,” Yang pointed out. “AI also provides a more advanced and holistic view of detected security events, empowering cybersecurity professionals to identify crucial ones, prioritise them with context, guide efficient decision-making and respond proactively.”

But what truly separates AI-powered solutions from non-AI ones is that “AI injects another level of intelligence to network detection and response capabilities”—in turn providing network layer visibility of potential attacks and ensuring organisations can act upon early detection and warnings.

Take an NDR system, for example. According to Yang, AI helps NDR look into parts of the network that were previously beyond security teams’ visibility, enabling them to see more, do more, and defend more.

“Essentially, AI-powered NDR leverages sophisticated algorithms to shed light on anomalies and changes of standard patterns in these parts of the network traffic,” he explained. “By using mathematical models to calculate probabilities of unusual activities, the system leaves no stone unturned in differentiating the normal operations from potential threats.”

Yang offered up Progress Flowmon as a perfect example of an NDR upgraded by AI. Named a Technology Leader in Network Detection and Response in the SPARK Matrix 2022, Progress Flowmon, according to Yang, uses machine learning and behavioural analysis to identify anomalies and suspicious activity, even when attackers try to evade detection using encryption or other techniques to hide their activities. With AI, this NDR gives organisations full network visibility and decisive intelligence for comprehensive protection against all sorts of threats—including even the most modern ones.

Artificial Intelligence can also level up IDS, said Yang, by offering fast and automatic access to an expanded range of meaningful security insights so that security professionals immediately get sophisticated intelligence and context. This kind of always-on analysis, the Progress executive pointed out, “empowers security professionals to distil and summarise only the most important events and findings,” making them more agile in any security situation and enabling them to detect threats more effectively.

See More, Do More: Why Integrating NDR and IDS Is the Way Forward

Security solutions on their own are effective only up to a certain point. But they can be far more effective when they work together instead of in siloes. This is why integrating NDR and IDS makes perfect sense.

“Of the many advantages, the primary one of integration is the expansion of network coverage. While the traditional IDS systems focus only on the network perimeter and external traffic, the integrated deployment with NDR expands its detection capabilities to the larger network. That includes east-west traffic, which allows for more in-depth monitoring and security coverage. Integration also enhances visibility and equalises security postures across cloud environments,” Yang explained.

He added: “Consolidating NDR and IDS also provides organisations with a bulwark against insider threats via the introduction of IDS techniques to the internal network that enhances detection and mitigation. Meanwhile, NDR brings the ability to pick up unknown indicators, enhancing precision and fostering a deeper understanding of threats, which can be used to strategise appropriate defence responses.”

In other words, integrating NDR and IDS enables organisations to see more of their network—and, by extension, do more to protect it using the combined capabilities and features of the two solutions. No wonder Yang deems this integration as more than just a technological update “but rather a strategic integration that is a necessary evolution in cybersecurity defences.”
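The complementary coverage described above, as an added example that is not from the interview or from any Progress product: a perimeter-only signature check, a per-host volume baseline (a simple z-score stands in for behavioural analysis), and their combination over constructed flow records. The address range, signature, baselines and flows are all assumptions made up for illustration.

```python
import ipaddress
from statistics import mean, stdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # assumed internal address range
SIGNATURES = {"SIG-0001": b"KNOWN-BAD-MARKER"}     # constructed signature database

# Constructed baseline: bytes each internal host normally sends per interval.
BASELINE = {
    "10.0.1.5": [1200, 1350, 1100, 1280, 1400, 1250],
    "10.0.2.9": [800, 950, 870, 910, 890, 930],
}

# Constructed flows for the interval under inspection.
FLOWS = [
    {"id": "f1", "src": "203.0.113.7", "dst": "10.0.1.5", "bytes": 1300, "payload": b"GET /?q=KNOWN-BAD-MARKER"},
    {"id": "f2", "src": "10.0.2.9", "dst": "10.0.1.5", "bytes": 48000, "payload": b"\x17\x03\x03 encrypted"},
    {"id": "f3", "src": "10.0.1.5", "dst": "198.51.100.20", "bytes": 1250, "payload": b"GET /index.html"},
    {"id": "f4", "src": "10.0.1.5", "dst": "10.0.2.9", "bytes": 1300, "payload": b"PUT KNOWN-BAD-MARKER"},
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def signature_alerts(flows, perimeter_only=True):
    """IDS-style check: match payloads against known signatures.
    A perimeter-only sensor never sees east-west (internal to internal) flows."""
    hits = set()
    for f in flows:
        east_west = is_internal(f["src"]) and is_internal(f["dst"])
        if perimeter_only and east_west:
            continue
        if any(sig in f["payload"] for sig in SIGNATURES.values()):
            hits.add(f["id"])
    return hits

def behaviour_alerts(flows, baseline, z_threshold=3.0):
    """NDR-style check: flag flows whose volume is far above the sender's baseline."""
    hits = set()
    for f in flows:
        history = baseline.get(f["src"])
        if not history or len(history) < 2:
            continue  # no baseline for this sender (for example, an external host)
        sigma = stdev(history) or 1.0
        if (f["bytes"] - mean(history)) / sigma > z_threshold:
            hits.add(f["id"])
    return hits

def integrated_alerts(flows, baseline):
    """Both detectors together, with signatures also applied to internal traffic."""
    return signature_alerts(flows, perimeter_only=False) | behaviour_alerts(flows, baseline)
```

On this data the perimeter signature check alone reports only f1, the baseline check alone reports only f2 (an encrypted, signature-free internal transfer), and the combined view adds f4, a known pattern moving east-west.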

Ensuring Progressive Defence with Progress

This integration, Yang warns, can be complicated. However, Progress can simplify it with tools such as Progress Flowmon ADS, which Yang said is “designed to act as a critical source of information that provides countless integration possibilities with complementary security tools and platforms—including Syslog, SNMP, email, REST API or custom scripts.”

“By allowing organisations to leverage existing infrastructure as sensors, Flowmon ADS fills in any protective gaps between perimeter and endpoint, which is a common vulnerability exploited by attackers,” explained Yang. “Not only that, Flowmon ADS leverages behavioural analysis algorithms, which unlike conventional solutions based on statistical detection, exposes anomalies hidden in network traffic.”

Indeed, Progress can help companies build a high-performing and resilient infrastructure that can help them run business operations and protect against cyber risks at the same time. It also offers a range of AI-based solutions that automatically process all detected events to pinpoint priorities, helping professionals allocate their time more efficiently rather than analyse a higher volume of events.

Moving forward, Progress plans to build upon its already industry-leading portfolio of AI-driven solutions and provide even more AI-based functions, including automated suggestions on detection engine tuning that can potentially turn average users into proficient experts capable of maximising detection accuracy.

All that, however, is looking too far ahead. Organisations are under threat right at this very moment, and they need to be focusing on the here and now. Deploying AI-powered NDR and IDS systems and then integrating them is as good a start as any in this case.

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.
