Hardware Sizing

Some general guidance on sizing the Appliance for your network.

If you know the peak and sustained bandwidth consumption at the switch, it is fairly straightforward to map that to the max bandwidth information in the sizing document and the peak bandwidth you experience. NDR is aware and handles streaming and elephant flows (Backup activity) with optimization for this type of traffic. Most threats are identified in typical browsing and general application network activity.

Check the capacity of the switch that you are going to be getting mirrored traffic from - the NDR Sensor should be the same capacity.

If you are still uncertain, here is a table for a typical business: For a typical business, we assume 20% are power users with multiple devices (Devs and the like), 60% typical users with browsing, email activity, and 20% light users. The organization uses VoIP, has some video streaming, and large file upload/download activity, as well as servers for applications and web hosting.

If you are heavy users of video/music streaming, you may want the next level up. If mostly emailing, one level down.

With the Sophos NDR License you can deploy as many NDR appliances (Virtual or Physical) as necessary to support branch offices and data centers.

OnLogic Helix 510 / Intel NUC (2.5Gbps):

DELL R360 / DELL R350 (4Gbps):

DELL R450 (10Gbps):

DELL R660XS / DELL R650 (20Gbps):

DELL R660 (40Gbps):