Date: October 2023

Sophos Network Detection and Response (NDR) is part of Sophos MDR. It monitors network traffic to identify suspicious network flows, allowing Sophos MDR analysts to identify which devices may be compromised during a security incident.

Key use cases:
1: Unprotected Devices; Identify legitimate devices that aren't protected, including IoT and OT assets, that an attacker could use.
2: Rogue Assets; Pinpoint unauthorized and potentially malicious devices communicating across a network.
3: Insider Threats; Gain visibility into network traffic flows and "normal" data movement from inside an organization.
4: Zero-Day Attacks; Detect command-and-control (C2) server communication based on patterns found in session packets.
Detection engines:
1: Data Detection Engine
2: Deep Packet Inspection; Uses known indicators of compromise to identify threat actors and malicious tactics, techniques, and procedures across encrypted and unencrypted network traffic.
3: Encrypted Payload Analytics; Detects zero-day C2 servers and new variants of malware families based on patterns found in session size, direction, and interarrival times.
4: Domain Generation Algorithm; Identifies the algorithmically generated domain names that malware uses to avoid detection.
5: Session Risk Analytics; A rules-based logic engine that raises alerts based on session-level risk factors.
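The three metadata-driven engines above (encrypted payload analytics over session size, direction and timing; DGA detection; rules over session risk factors) can be illustrated without any packet payload. The following is an added example written for this page; it is not Sophos code and says nothing about how Sophos implements these engines. The DGA heuristics (character entropy, digit ratio, consonant runs), the beacon test (coefficient of variation of interarrival times), the direction test (upload-to-download ratio) and every threshold are assumptions chosen for the constructed sample flows embedded in the block.

```python
"""Session risk scoring over flow metadata, written as an illustrative example
(this is not Sophos code; the heuristics and thresholds are assumptions).

Approximates three signals: a lexical check for algorithmically generated
domain names (DGA), a timing check for beacon-like regularity in session
interarrival times, and a crude direction check (upload-dominant sessions).
"""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional

VOWELS = set("aeiou")


@dataclass
class Flow:
    src: str          # internal host
    dst_domain: str   # destination name as seen in DNS/SNI (constructed sample data)
    start: float      # session start time in seconds (constructed)
    bytes_out: int
    bytes_in: int


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_points(domain: str) -> int:
    """0..10 points for how machine-generated the registrable label looks.
    Assumption: the second-level label is the registrable part (this ignores
    public-suffix cases such as co.uk)."""
    labels = domain.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if len(label) < 6:
        return 0
    points = 0
    if shannon_entropy(label) > 3.5:                        # high character diversity
        points += 4
    if sum(ch.isdigit() for ch in label) / len(label) > 0.2:  # digit-heavy label
        points += 3
    run = longest = 0
    for ch in label:                                        # unpronounceable consonant runs
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        longest = max(longest, run)
    if longest >= 5:
        points += 3
    return points


def interarrival_cv(starts: list[float]) -> Optional[float]:
    """Coefficient of variation of the gaps between sessions; a value near 0
    means a fixed beacon interval. Needs at least five sessions (assumption)."""
    s = sorted(starts)
    gaps = [b - a for a, b in zip(s, s[1:])]
    if len(gaps) < 4 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)


def session_risk(flows: list[Flow]) -> dict:
    """Rule engine for one (src, dst) pair: each matching rule adds risk points."""
    domain = flows[0].dst_domain
    risk, reasons = 0, []
    pts = dga_points(domain)
    if pts >= 7:
        risk += 40
        reasons.append(f"DGA-like domain ({pts}/10)")
    cv = interarrival_cv([f.start for f in flows])
    if cv is not None and cv < 0.2:
        risk += 40
        reasons.append(f"regular beacon interval (CV={cv:.2f})")
    out = sum(f.bytes_out for f in flows)
    inn = sum(f.bytes_in for f in flows)
    if inn and out / inn > 5:                  # client sends far more than it receives
        risk += 20
        reasons.append("upload-dominant direction")
    return {"src": flows[0].src, "domain": domain, "risk": min(risk, 100), "reasons": reasons}


def score_all(flows: list[Flow]) -> dict:
    """Group flows by (source host, destination name) and score each pair."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst_domain)].append(f)
    return {pair: session_risk(fl) for pair, fl in by_pair.items()}


# Constructed sample: one host beaconing to a DGA-looking name every ~60 s with
# small uploads, one host browsing a well-known site at irregular times.
SAMPLE_FLOWS = (
    [Flow("10.0.0.5", "qxzvkmrt83p2l9w.net", t, 1200, 150) for t in (0, 61, 119, 181, 240, 299)]
    + [Flow("10.0.0.9", "www.google.com", t, 600, 40000) for t in (0, 5, 47, 48, 130, 131)]
)

if __name__ == "__main__":
    for pair, result in score_all(SAMPLE_FLOWS).items():
        print(pair, result["risk"], result["reasons"])
```

On the sample data the beaconing pair scores 100 (all three rules fire) and the browsing pair scores 0. In practice the lexical DGA test is the weakest of the three and is prone to false positives on CDN and cloud hostnames, which is why it is combined with behavioural signals rather than used alone.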