Sophos Network Detection and Response
Our all-in-one integrated solution uses the most comprehensive data to provide the most accurate detection strategy.
Detect Suspicious Behaviors That Extend Beyond Your Endpoints
Sophos Network Detection and Response (NDR) is part of Sophos MDR. It monitors network traffic to identify suspicious network flows, allowing Sophos MDR analysts to identify which devices may be compromised during a security incident.
Sophos NDR identifies:
Unprotected Devices
Identify legitimate devices that aren't protected and could be used as entry points, including IoT and OT assets.
Rogue Assets
Pinpoint unauthorized and potentially malicious devices communicating across a network.
Insider Threats
Gain visibility into network traffic flows and “normal” data movement from inside an organization.
Zero-Day Attacks
Detect server command-and-control (C2) attempts based on patterns found in session packets.
Five Real-Time Threat Detection Engines
Data Detection Engine
Extensible query engine uses a deep learning prediction model to analyze encrypted traffic and identify patterns across unrelated network flows.
Deep Packet Inspection
Uses known indicators of compromise to identify threat actors and malicious tactics, techniques, and procedures across encrypted and unencrypted network traffic.
Encrypted Payload Analytics
Detects zero-day C2 servers and new variants of malware families based on patterns found in the session size, direction, and interarrival times.
Domain Generation Algorithm
Identifies dynamic domain generation technology used by malware to avoid detection.
Session Risk Analytics
Powerful logic engine utilizes rules that send alerts based on session-based risk factors.
Easily View NDR Status and Detections
Sophos Central is your single dashboard for real-time alerts, reporting, and management.