Sophos NDR identifies rogue assets, unprotected devices, insider threats, and novel attacks to accelerate threat detection and response.
We recently launched Sophos Network Detection and Response (NDR) and it’s already providing real-world value for organizations looking to elevate their defenses against sophisticated attackers and zero-day threats.
Sophos NDR continuously monitors network traffic to detect suspicious activities that may be indicative of attacker activity, leveraging a combination of machine learning, advanced analytics, and rule-based matching techniques.
It detects a wide range of security risks, including rogue devices (unauthorized, potentially malicious devices that are communicating across the network), unprotected devices (legitimate devices that could be used as an entry point), insider threats, zero-day attacks, and threats involving IoT and OT devices.
Plus, when combined with other security telemetry, Sophos NDR enables threat analysts to paint a more complete, accurate picture of the entire attack path and progression, enabling a faster, more comprehensive response.
Sophos NDR is an add-on integration for Sophos MDR, our market-leading managed detection and response service that today serves over 14,000 organizations worldwide. Later this year, we’ll also be making Sophos NDR available with Sophos Extended Detection and Response (XDR) for those organizations that prefer to conduct their own threat hunting activities – more on this in a future post.
The importance of network detection and response
NDR is an essential part of an effective defense-in-depth strategy. Why? Because the network is the one place a stealthy, committed adversary cannot hide.
Attackers go to great lengths to avoid being detected, and Defense Evasion is a well-known MITRE ATT&CK tactic at the system level. Exploits can hide out of sight of EDR solutions, and adversaries can disable and delete system logs. But they still have to traverse the network.
As adversaries continue to evolve their tactics, techniques, and procedures (TTPs) to bypass security controls, NDR is fast becoming a security imperative.