Sophos Central Network Detection and Response
Unleash the full potential of your network

The Most Comprehensive Data Drives the Most Accurate Detection Strategy

Organizations can benefit from a holistic approach to threat detection and response and faster ways to correlate an ever-growing volume and variety of data. The deeper the visibility and context, the more precise the investigation into threat activity. That means when security telemetry can come together, it paints a more accurate picture of the entire attack path.

As an add-on to Sophos MDR, the Sophos Network Detection and Response (NDR) virtual appliance monitors network traffic to identify suspicious network flows. Detections are sent to the Sophos data lake, evaluated, and assigned a corresponding risk score, generating cases for the Sophos threat response team to investigate and validate. NDR detections can trigger an investigation into internal host connections to network servers and can also be used to enrich threat hunts for endpoint activity to determine which devices are communicating.

Your Security Needs Tools That Work Well Together

Sophos NDR is a native Sophos MDR integration. It readily connects, does not produce excessive noise or mismatched risk scores, and does not require time to establish a baseline like other solutions. The table below describes the functionality of Sophos NDR’s detection engines.

Sophos NDR is delivered as a virtual appliance. Once deployed, it authenticates with the Sophos Central management console and starts sending data. NDR status and detections are viewable in Sophos Central.

Highlights

• Add network detections to Sophos MDR to monitor suspicious network flows that endpoint software can’t access
• Enable threat investigations and hunts into internal host connections to network services and other network connections
• Detect malware within encrypted traffic where it often remains hidden
• Easily view NDR sensor status and detections in Sophos Central

Sophos NDR identifies:

Unprotected Devices

Identify legitimate devices that aren't protected and could be used as entry points, including IoT and OT assets.

Rogue Assets

Pinpoint unauthorized and potentially malicious devices communicating across a network.

Insider Threats

Gain visibility to network traffic flows and “normal” data movement from inside an organization.

Zero-Day Attacks

Detect server command-and-control (C2) attempts based on patterns found in session packets.

Five Real-Time Threat Detection Engines: