The guard for your network security

Corporate networks are extremely busy, so it is no wonder that cyber attacks often go undetected. It is not uncommon for several months to pass before security incidents are even detected. Defend yourself in time and use Managed NDR (Network Detection & Response) for your network security: network monitoring detects threats, initiates countermeasures on request and thus protects your data from hackers and digital espionage.

What is NDR?

NDR stands for Network Detection & Response. It is used to defend against both simple and complex attacks that are visible on the network. For example:

  • Attacks against user accounts, unauthorized attempts to access systems, or even just probing them for such opportunities (lateral movement and information gathering)
  • An attacker's attempt, after a successful attack (e.g. via spear phishing or malware), to establish a return channel to their command & control server on the Internet or to another external system or service in order to exfiltrate data
  • Attempts to access various network shares, as is common in a ransomware outbreak
  • Unusual connections that suddenly originate from certain systems, as may be the case after a supply chain attack

With the help of sensors in the network, NDR records all traffic data. This data serves as a valuable source for detecting anomalies. To do this, NDR solutions typically use a combination of techniques that include machine learning, behavioral analysis, indicators of compromise (IoC), and retrospective analysis. NDR systems analyze both north/south and east/west traffic on the network. Other systems such as IDS/IPS and firewalls typically monitor only the network perimeter (network edge). In addition to network monitoring, NDR also provides initial, automated incident response to threats through certain response functions.

Managed NDR: Intelligent Network Monitoring

Our Managed NDR solution is based on a self-learning system using machine learning algorithms for your network security. After a learning phase, it detects unusual actions that deviate from previous normal behavior on the network. This allows us to identify attacks for you that are trying to stay under the radar. If it is a critical security incident, we contact you immediately. Depending on the incident, certain countermeasures - e.g. blocking a connection or isolating a system - can be automated and thus take effect extremely quickly. This allows attacks to be stopped at a very early stage, which is extremely important in the case of ransomware incidents, for example.

In addition, our security experts also use NDR for Advanced Threat Protection (ATP): continuous network monitoring allows the history of even advanced and hidden attacks to be traced, where signature-based security tools fall short. Our solution uncovers obfuscated communication channels based on deviations from normal data traffic and contributes specifically to advanced threat protection and threat hunting.

Side effect: Optimize systems

He who observes notices a lot! Use our NDR solution for better security management in your network - for example, to identify unsafe and unwanted protocols and to verify technical specifications. In addition, you can define almost any number of additional rules that trigger an alarm when they are violated. In regular reports, we recommend operational measures with which you can ensure even better protection in your network.

Monitored in BSI certified SOC

Together with you, we design an optimal NDR architecture. Based on this, we place sensors at suitable points in the network, at network transitions or in the cloud. These sensors send metadata extracted from the traffic to a central NDR component for analysis, which is also installed on-premises at your site. We connect this NDR component to our BSI-certified Security Operations Center (SOC) via a secure Virtual Private Network (VPN). From there, our security experts monitor the IT security of your corporate network, your OT environment and your cloud services around the clock. Security incidents are assessed for their relevance, and if there is a need for action, our experts provide well thought-out recommendations.

Our services for you

  • Provision of software + licenses
  • Installation of the basic system and configuration
  • 24/7 monitoring and alerting (automated) with recommended action
  • Regular reports
  • Platform management (updates, configuration adjustments, etc.)
  • Proactive threat hunting and in-depth analysis of alerts
  • Optional: active incident response and forensic analysis

Your benefits

  • Improved network security through automated detection of attack activity (unknown or known methods, targeted or untargeted attacks, ransomware, supply chain attacks, advanced persistent threats, exploitation of zero-days) and automatable countermeasures
  • Machine learning perfects attack detection
  • Security hygiene: insecure protocols or undesirable communication relationships are detected
  • Detailed regular reports and service meetings
  • Save resources: from platform operation to 24/7 alarm evaluation, all steps take place in our BSI-certified SOC
  • Cost transparency: optional hardware costs and predictable license and service fees
  • Proof-of-Value: Get to know and try Managed NDR

How can we help you?