Overview
Sophos NDR continuously monitors network traffic to detect suspicious activities that may be indicative of attacker activity, leveraging a combination of machine learning, advanced analytics, and rule-based matching techniques.
It detects a wide range of security risks, including rogue devices (unauthorized, potentially malicious devices that are communicating across the network), unprotected devices (legitimate devices that could be used as an entry point), insider threats, zero-day attacks, and threats involving IoT and OT devices.
Plus, when combined with other security telemetry, Sophos NDR enables threat analysts to paint a more complete, accurate picture of the entire attack path and progression, enabling a faster, more comprehensive response.
To install Sophos NDR on AWS, a customer who has a Sophos Central Account and licensed to use MDR/XDR can download a cloud formation script from Sophos Central. When deployed in an AWS Account, the template will create a stack with all the required infrastructure to run Sophos NDR. Before creating the stack the user should accept a EULA on Marketplace for Sophos NDR AMI
Highlights
- Uses known indicators of compromise to identify threat actors and malicious tactics, techniques, and procedures across encrypted and unencrypted network traffic.
- Detects zero-day C2 servers and new variants of malware families based on patterns found in the session size, direction, and interarrival times. Identifies dynamic domain generation technology used by malware to avoid detection.
- Extensible query engine uses a deep learning prediction model to analyze encrypted traffic and identify patterns across unrelated network flows. Powerful logic engine utilizes rules that send alerts based on session-based risk factors.
Details
Pricing
Vendor refund policy
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Sophos NDR for AWS
Sophos NDR continuously monitors network traffic to detect suspicious activities that may be indicative of attacker activity, leveraging a combination of machine learning, advanced analytics, and rule-based matching techniques.
It detects a wide range of security risks, including rogue devices (unauthorized, potentially malicious devices that are communicating across the network), unprotected devices (legitimate devices that could be used as an entry point), insider threats, zero-day attacks, and threats involving IoT and OT devices.
Plus, when combined with other security telemetry, Sophos NDR enables threat analysts to paint a more complete, accurate picture of the entire attack path and progression, enabling a faster, more comprehensive response.
To install Sophos NDR on AWS, a customer who has a Sophos Central Account and licensed to use MDR/XDR can download a cloud formation script from Sophos Central. When deployed in an AWS Account, the template will create a stack with all the required infrastructure to run Sophos NDR. Before creating the stack the user should accept a EULA on Marketplace for Sophos NDR AMI.
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Additional details
Usage instructions
You can manage your Sophos NDR Appliance on AWS from the Web Interface using HTTPS (TCP port 8443) and the command shell using SSH (TCP port 22)
Resources
Vendor resources
Support
Vendor support
You can get help with your Sophos product in many different ways. https://doc.sophos.com/support/help/en-us/contact/index.html
Sophos Community Chat with our Community Experts. Find answers on the community forum, and share your expertise.
Support TechVids Follow along with Sophos Experts as they walk you through the most common technical support issues.
Support Portal Leverage the Sophos Support Portal search tool. Global Support phone numbers: https://doc.sophos.com/support/help/en-us/contact/index.html
Sophos Support URL: https://www.sophos.com/en-us/support
Support protal documentation: https://doc.sophos.com/support/help/en-us/portal/index.html
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
