Cloud Security Podcast by Google EP272 More Than Just Packets: Is NDR a "First-Class" Cloud Security Control?
Apr 13, 2026
Raja Mukerji, co-founder and chief scientist at ExtraHop, an expert in network and SSL acceleration, makes the case for network detection and response as a vital visibility control. He discusses NDR’s comeback, how it works with TLS‑1.3 and cloud environments, where it outperforms agent-based telemetry, detection of shadow AI/services, and practical scaling and cost considerations.
AI Snips
Chapters
Transcript
Episode notes
Network Is The Holograph Of The Enterprise
- The network remains the fundamental source of enterprise visibility and often reveals breaches agents miss.
- Raja Mukerji calls the network the "holograph of the enterprise" and says investigators always ask, "what does the packet trace say?".
You Can Decrypt TLS Without Private Keys
- TLS encryption alone doesn't kill network visibility because you can retrieve symmetric keys without owning private keys.
- Raja explains ExtraHop gets symmetric keys from load balancers, agents, or proxies to surgically decrypt traffic with governance.
Discover Assets By Listening On The Wire First
- Start investigations and asset discovery by passively listening to the network before instrumenting endpoints.
- Raja says dropping "something on the wire" quickly shows who's talking to whom and where to place further controls.