{"id":5787,"date":"2023-01-26T16:26:09","date_gmt":"2023-01-26T15:26:09","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=5787"},"modified":"2023-01-30T07:22:35","modified_gmt":"2023-01-30T07:22:35","slug":"introducing-sophos-network-detection-and-response-ndr","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/es-es\/2023\/01\/products\/introducing-sophos-network-detection-and-response-ndr\/","title":{"rendered":"Introducing Sophos Network Detection and Response (NDR)"},"content":{"rendered":"

We recently launched\u00a0Sophos Network Detection and Response<\/a>\u00a0(NDR) and it\u2019s already providing real-world value for organizations looking to elevate their defenses against sophisticated attackers and zero-day threats.<\/p>\n

Sophos NDR continuously monitors network traffic to detect suspicious activities that may be indicative of attacker activity, leveraging a combination of machine learning, advanced analytics, and rule-based matching techniques.<\/p>\n

It detects a wide range of security risks, including rogue devices (unauthorized, potentially malicious devices that are communicating across the network), unprotected devices (legitimate devices that could be used as an entry point), insider threats, zero-day attacks, and threats involving IoT and OT devices.<\/p>\n

Plus, when combined with other security telemetry, Sophos NDR enables threat analysts to paint a more complete, accurate picture of the entire attack path and progression, enabling a faster, more comprehensive response.<\/p>\n

Sophos NDR is an add-on integration for\u00a0Sophos MDR<\/a>, our market-leading managed detection and response service that today serves over 14,000 organizations worldwide. Later this year, we\u2019ll also be making Sophos NDR available with\u00a0Sophos Extended Detection and Response<\/a>\u00a0(XDR) for those organizations that prefer to conduct their own threat hunting activities \u2013 more on this in a future post.<\/p>\n

The importance of network detection and response<\/h2>\n

NDR is an essential part of an effective defense-in-depth strategy. Why? Because the network is the one place a stealthy, committed adversary cannot hide.<\/p>\n

Attackers go to great lengths to avoid being detected and Defense Evasion is well known\u00a0MITRE ATT&CK Tactic at the system level. Exploits can hide out of sight of EDR solutions, and adversaries can disable and delete system logs.\u00a0But they still have to traverse the network<\/em>.<\/p>\n

As adversaries continue to evolve their tactics, techniques, and procedures (TTPs) to bypass security controls, NDR is fast becoming a security imperative.<\/p>\n

Sophos NDR: unparalleled network threat detection<\/h2>\n

Sophos NDR is powered by five real-time threat detection engines that use patented multi-layered technologies to detect even the stealthiest of attacks.<\/p>\n

\"\"<\/a>
Sophos NDR detection engines. Click to enlarge.<\/figcaption><\/figure>\n

The\u00a0Data Detection Engine<\/strong>\u00a0is an extensible query engine that uses a deep learning prediction model to analyze encrypted traffic and identify patterns across unrelated network flows.<\/p>\n

Deep Packet Inspection\u00a0<\/strong>uses known indicators of compromise to identify threat actors and malicious tactics, techniques, and procedures across encrypted and unencrypted network traffic.<\/p>\n

Encrypted Payload Analytics\u00a0<\/strong>detects zero-day C2 servers and new variants of malware families based on patterns found in the session size, direction, and interarrival times.<\/p>\n

Domain Generation Algorithm\u00a0<\/strong>identifies dynamic domain generation technology used by malware to avoid detection.<\/p>\n

Session Risk Analytics\u00a0<\/strong>is a powerful logic engine that utilizes rules that send alerts based on session-based risk factors.<\/p>\n

These five engines monitor east-west (internal) traffic and north-south (outgoing\/incoming) traffic to detect and flag anomalies indicative of threat activity. Alerts generated by Sophos NDR include:<\/p>\n