ITProPrime
Home
Services
  • vCISO
  • Data Protection Officer
  • Red Teaming
  • Web/Mobile Security Test
  • Compliance Test
  • Cloud Security Test
  • IoT Security Test
  • API Security Test
  • Infra Security Test
  • Secure Code Review
Solution
  • Next Gen Antivirus/EDR
  • XDR
  • MDR
  • NDR
  • WAF
  • Mobile Security
  • DDOS
  • CDN
Who We Are
Partners
Careers

Network Detection & Response (NDR)


NDR detects suspicious network traffic patterns that go unseen by your managed endpoints and firewalls, including:

  • Unknown or Unprotected Network Devices – including legitimate IoT or OT devices
  • Unauthorised or Rogue Assets
  • New and Previously Unseen Command and Control (C2) Activity
  • Suspicious or Malicious Network Traffic Flows and Patterns

Detection Engines

Data Detection Engines

Extensible query engine uses a deep learning prediction model to analyze encrypted traffic and identify patterns across unrelated network flows.


Domain Generation Algorithm

Identifies dynamic domain generation technology used by malware to avoid detection.


Deep Packet Inspection

Uses known indicators of compromise to identify threat actors and malicious tactics, techniques, and procedures across encrypted and unencrypted network traffic.


Session Risk Analytics

Powerful logic engine utilizes rules that send alerts based on session-based risk factors.


Encrypted Payload Analysis

Detects zero-day C2 servers and new variants of malware families based on patterns found in the session size, direction, and interarrival times.

Other Capabilities

  • Provides detections deep within a network
  • Works with your firewall to detect network activity and threats
  • Inspects encrypted traffic flows without compromising PII
  • Deploy, configure, and manage from Sophos Central
  • For customers with Sophos Firewall, automated threat response is available to immediately block a threat and prevent lateral movement.
  • Runs as a virtual appliance on popular hypervisor platforms like VMware and Hyper-V.
  • Connects directly to your switch via SPAN port mirroring to monitor all traffic.

Copyright © 2025 ITProPrime - All Rights Reserved.
