Network Detection & Response (NDR)

Network Detection & Response (NDR)

Sophos NDR detects suspicious network traffic patterns that goes unseen by your managed endpoints and firewalls, including:

• Unknown or Unprotected Network Devices – including legitimate IoT or OT devices
• Unauthorised or Rogue Assets
• New and Previously Unseen Command and Control (C2) Activity
• Suspicious or Malicious Network Traffic Flows and Patterns

Detection Engines:

Data Detection Engines - Extensible query engine uses a deep learning prediction model to analyze encrypted traffic and identify patterns across unrelated network flows.

Domain Generation Algorithm - Identifies dynamic domain generation technology used by malware to avoid detection.

Deep Packet Inspection  - Uses known indicators of compromise to identify threat actors and malicious tactics, techniques, and procedures across encrypted and unencrypted network traffic.

Session Risk Analytics - Powerful logic engine utilizes rules that send alerts based on session-based risk factors.

Encrypted Payload Analysis - Detects zero-day C2 servers and new variants of malware families based on patterns found in the session size, direction, and interarrival times.

Other Highlights

• Providing detections deep within a network
• Works with your firewall to detect network activity and threats
• Inspects encrypted  traffic flows without compromising PII
• Deploy, configure, and manage from Sophos Central
• Those customers having Sophos Firewall, automated threat response is available to immediately block a threat and prevent lateral movement.
• Runs as a virtual appliance on popular hypervisor platforms like VMware and Hyper-V.
• Connects directly to your switch via SPAN port mirroring to monitor all traffic.