Network Detection & Response

NDR focuses on monitoring and analyzing network traffic to detect and respond to threats in real-time. It employs techniques such as network packet capture, deep packet inspection, and behavior analysis to identify suspicious activities or anomalies on the network.

 

By including NDR capabilities within an XDR solution, organizations can gain enhanced visibility into network traffic, improve threat detection and response capabilities, and better defend against sophisticated cyber threats that may target their network infrastructure.

Managed Network Detection and Response for your datacentre, virtual, WAN, and branch networks

24x7 Inspection

Ongoing, real-time monitoring and detection via advanced analytics and machine learning

Detect the Most Elusive Threats

Advanced detection capabilities and rich threat intelligence leave no opportunities for attackers

Threat Hunt Like a Pro

Get data from all sources in a single view, and follow attackers as they move laterally, visualising the entire extent of the attack

Consolidated Response

When a threat is detected, we activate our investigation and response capabilities across all parts of the environment, whether network, endpoint, or cloud.

Overwatch Network Solution

  • is a real-time managed network detection and response solution which can be deployed to monitor inline network traffic on-premises or in-cloud, inspecting both horizontal and vertical traffic flows in physical and virtual networks.
  • brings automated and integrated threat intelligence and expert human security-analyst threat hunting to your network to provide superior threat detection and response capabilities, leaving no threat undetected.
  • detects even the most concealed activities and utilizes our machine learning technologies to identify unknown threats, lateral movement, and malicious insider behaviour.
  • brings full forensic investigation capability into your environment and supports full packet capture for advanced investigation and evidence collection.
  • The collected data is transitioned to our XDR platform and correlated with other information collected from endpoints, applications, system logs, and public cloud instances. Within our rich threat intelligence ecosystem, threat indicators are transformed into the full attack kill chain and all attack stages as seen in various parts of the environment are identified.

HOW IT WORKS

The Overwatch Network Solution integrates into your network segments and inspects both inbound and outbound traffic in your environment in real time. The sensor appliances can tap into your branch offices, WAN segments, and cloud networks. 

All data is integrated into our XDR platform where threats are detected and blocked on the network perimeter and within the network in real time.

– Lateral movement
– Command & Control traffic
– Backdoors and tunnels
– Malware and botnet connections
– Internal port scanning and reconnaissance
– Password brute forcing

– Insider threats
– Impersonation and spoofing attacks
– Exploitation attempts
– Unauthorised remote access tools
– Rogue devices

Deep Network Visibility

Forensic Captures

Detailed recording of network metadata and full packet-level communications for investigations and forensic evidence gathering.

User Behavior

Network Solution analyses user and machine behavior and provides insights based on detected deviations and anomalies.

Network Baseline

Get full visibility into your network and see who is talking to what to create a complete baseline for all internal and external connections.

Threat Detection and Response

24x7 Detection and Response

Automated and human-powered detection, threat hunting, and immediate threat response.

Threat Intelligence

Detection is supported by our threat intelligence data, distributed to all Network Solution sensors in real time.

Automated Response

Detected threats can be disrupted immediately, either at the network perimeter or as a tactical containment measure within the network.

Ongoing Assurance

Security Policy Assurance

Ongoing assurance of your security posture with continuous network inspection and detection, identifying policy violations such as the use of unencrypted services, plain-text passwords, and shadow IT assets.

Risk Identification

All collected data is translated into an organisation-level risk report, with a detailed security scorecard for all components of your environment.

Real-Time Visualizations

Access real-time reporting and visualizations in your Customer Portal instance, constructing the whole enterprise scorecard in one click.