In July 2024, Sophos plans to release the NDR Investigation Console, a new component for the Network Detection and Response (NDR) solution.
The NDR Investigation Console provides:
- A graphical user interface for accessing 30 days of historical network telemetry data collected by NDR sensors
- The ability to view all network traffic, not just detected threats
- Advanced filtering and querying capabilities to analyze network activity by attributes such as session risk, applications used, and detection engine results
- Visualizations to help identify patterns and correlate events in network data
- The foundation for future anomaly detection capabilities
Key Points:
- No additional licensing required beyond existing NDR product licenses
- Deploys on virtual or hardware appliances on the same network as NDR sensors
- Supports accessing data from one or more NDR sensors
Value Proposition:
The NDR Investigation Console enhances Sophos' NDR solution with powerful investigation, monitoring and visibility capabilities:
- Gain comprehensive visibility into all network communications over the past 30 days
- Investigate potential threats or anomalies that may have gone undetected
- Monitor network activity holistically to identify suspicious patterns and behaviors
- Leverage advanced data analysis tools to quickly pinpoint issues
- Lay the groundwork for improved threat detection through anomaly-based analytics
A video overview is available at: https://vimeo.com/953187012?share=copy
The NDR Investigation Console aims to provide enhanced network visibility, investigation tools, and monitoring compared to the current NDR solution, which focuses on detected threat data.