We are excited to announce the upcoming launch of our Early Access Program (EAP) for Sophos Network Detection and Response (NDR). Starting this July, all XDR and MDR customers will have an exclusive opportunity to test the potent capabilities of Sophos NDR at no additional cost. If you are an existing XDR or MDR customer without an NDR license this EAP will allow you to trial the NDR features. For existing NDR customers joining the EAP will get you early access to features before they become generally available for with your existing NDR license.
What is Sophos NDR?
Initially rolled out for our Sophos Managed Detection and Response customers in late 2022, Sophos NDR brings a comprehensive approach to threat detection and response. By collecting and correlating an ever-growing volume and variety of network data, and leveraging advanced detection engines and machine learning algorithms, Sophos NDR efficiently identifies and addresses a wide range of evolving and newly emerging threats. The outcome is a quicker, more precise investigation into threat activities, offering an in-depth understanding of the entire attack path and its progression1.
Sophos NDR leverages a variety of detection engines including encrypted payload analytics, domain generation algorithms, deep packet inspection, session risk analytics, and device detection analytics. This comprehensive monitoring enables it to detect attacks that could otherwise go unnoticed1.
Sophos NDR is delivered as a virtual appliance that monitors all network traffic to identify suspicious network flows. Alerts are sent to the Sophos data lake and evaluated, and a corresponding risk score is assigned, automatically generating detections and cases for the threat response team to investigate and validate1.
Why is Sophos NDR Critical for Threat Detection?
Sophos NDR distinguishes itself through its robust network visibility and cutting-edge threat detection capabilities. Sophos NDR can identify communication with command-and-control servers and pinpoint known indicators of compromise in both encrypted and plain text traffic. Additionally, it can detect abnormal network traffic patterns that may suggest high-risk activity1.
Sophos NDR's ability to ingest and analyze network traffic directly from the wire, and combine this data with endpoint and other security data, leads to high confidence rates in alerts. This feature makes Sophos NDR a critical component of a modern cybersecurity strategy, enhancing your capacity to detect and respond to threats swiftly and efficiently1.
What Does Participation in the EAP Provide?
Participating in the EAP enables you to deploy NDR sensors on either VMWare or MS Hyper-V platforms. Once deployed, the NDR sensor starts generating detection and network flow information, which is accessible via Central. In the event of a high-risk detection, the system automatically alerts the administrator and triggers an investigation. Participants will also have access to reports that can assist in monitoring unmanaged devices and tracking application usage by protocol across their network12.
We are devoted to continuously improving Sophos NDR throughout the EAP. Our plan includes adding a GUI management console for the NDR Sensor, updating the detections viewer, and introducing additional reports. Towards the end of the EAP, we are also thrilled to introduce dashboard widgets to facilitate graphical exploration of NDR detection and network activity data.
With the June update to Sophos NDR, we have added an additional machine learning model to detect the encrypted traffic pattern of suspect Pikabot communication. This detection capability is already deployed to the Sophos NDR sensors and no additional updates are required3.
Join Us Participation in the EAP provides a unique opportunity to contribute to the development of Sophos NDR. We invite you to join us on this journey from July to November 2023 and help make Sophos NDR an even more powerful tool in the fight against cyber threats.
Immerse yourself in the world of Sophos NDR and help shape its future