Coming Soon: NDR Investigation Console (July)

In July 2024, Sophos plans to release the NDR Investigation Console, a new component for the Network Detection and Response (NDR) solution.

The NDR Investigation Console provides:

  • A graphical user interface for accessing 30 days of historical network telemetry data collected by NDR sensors
  • The ability to view all network traffic, not just detected threats
  • Advanced filtering and querying capabilities to analyze network activity by attributes such as session risk, applications used, and detection engine results
  • Visualizations to help identify patterns and correlate events in network data
  • The foundation for future anomaly detection capabilities

Key Points:

  • No additional licensing required beyond existing NDR product licenses
  • Deploys on virtual or hardware appliances on the same network as NDR sensors
  • Supports accessing data from one or more NDR sensors

Value Proposition:

The NDR Investigation Console enhances Sophos' NDR solution with powerful investigation, monitoring and visibility capabilities:

  • Gain comprehensive visibility into all network communications over the past 30 days
  • Investigate potential threats or anomalies that may have gone undetected
  • Monitor network activity holistically to identify suspicious patterns and behaviors
  • Leverage advanced data analysis tools to quickly pinpoint issues
  • Lay the groundwork for improved threat detection through anomaly-based analytics

A video overview is available at: https://vimeo.com/953187012?share=copy 

The NDR Investigation Console aims to provide enhanced network visibility, investigation tools, and monitoring compared to the current NDR solution, which focuses on detected threat data.