NDR stands for Network Detection & Response. It is used to defend against both simple and complex security attacks that become visible in network traffic. For example:
With the help of sensors in the network, NDR records all traffic data. This data serves as a valuable source for detecting anomalies. To do this, NDR solutions typically use a combination of techniques that include machine learning, behavioral analysis, indicators of compromise (IoC), and retrospective analysis. NDR systems analyze both north/south and east/west traffic on the network. Other systems such as IDS/IPS and firewalls typically monitor only the network perimeter (network edge). In addition to network monitoring, NDR also provides initial, automated incident response to threats through certain response functions.
Our Managed NDR solution is based on a self-learning system using machine learning algorithms for your network security. After a learning phase, it detects unusual actions that deviate from previous normal behavior on the network. This allows us to identify attacks for you that are trying to stay under the radar. If it is a critical security incident, we contact you immediately. Depending on the incident, certain countermeasures - e.g. blocking a connection or isolating a system - can be automated and thus take effect extremely quickly. This allows attacks to be stopped at a very early stage, which is extremely important in the case of ransomware incidents, for example.
In addition, our security experts also use NDR for Advanced Threat Protection (ATP): continuous network monitoring allows the history of even advanced and hidden attacks to be traced, where signature-based security tools fall short. Our solution uncovers obfuscated communication channels based on deviations from normal data traffic and contributes specifically to advanced threat protection and threat hunting.
He who observes notices a lot! Use our NDR solution for better security management in your network - for example, to identify unsafe and unwanted protocols and to verify technical specifications. In addition, you can define almost any number of additional rules that trigger an alarm when they are violated. In regular reports, we recommend operational measures with which you can ensure even better protection in your network.
Together with you, we design an optimal NDR architecture. Based on this, we place sensors at suitable points in the network, at network transitions or in the cloud. These sensors send metadata extracted from the traffic to a central NDR component, also installed on-premises at your site, for analysis. We connect this NDR component to our BSI-certified Security Operations Center (SOC) via a secure Virtual Private Network (VPN). From there, our security experts monitor the IT security of your corporate network, your OT environment and your cloud services around the clock. Security incidents are assessed for their relevance, and if there is a need for action, our experts provide well thought-out recommendations.