Managed NDRaaS

Ensure visibility with Network Detection & Response

Corporate networks are often hybrid and spread across several locations. When it comes to cyber defence, it is important to maintain a complete overview, and this includes complex networks.

With Network Detection & Response (NDR), you get the visibility back and can detect cyber attacks at an early stage.

Rapid anomaly detection

These days, the majority of network traffic is encrypted. This makes anomaly detection more difficult, such as when malware communicates with a command and control server via open standard ports. And even internal shadow IT, such as unofficial access points, remains undetected in encrypted traffic. An effective NDR solution must therefore be able to correlate signals from a range of sources and rapidly detect anomalies.

When is it the right solution?

The network is an important component of cyber defence. Companies require a wide range of security mechanisms to detect and block cyber attacks. You therefore need a solution to analyse the network traffic and rapidly detect anomalies as well as potential vulnerabilities – for novel types of attack too.

To analyse security incidents efficiently, the NDR solution needs to generate minimal false positives and enable the security experts to concentrate on the critical events. You cannot solely rely on known indicators of compromise to protect your company from new or varying patterns of attack. Unknown anomalies must also be registered to meet the required security standards.

Your benefits:

End-to-end visibility over your entire network
Reduction of analysis workload thanks to the automated correlation of security incidents
Reliable identification of internal shadow IT and unwanted cloud services

The first step

Contact us

Would you like personal advice on the Network Detection & Response options available? Get in touch without obligation.

Downloads

Network Detection & Response factsheet

Services in detail

Two service options are available. With the On-Premise version, the NDR appliance runs on your own infrastructure. With the Managed version, Swisscom operates the appliance in one of its own Swiss data centres.

Static and dynamic detection of cyber threats using machine learning
Detection and visualisation of cyber threats including in DNS traffic and through web proxies
Graphic display of all devices in the network including internal shadow IT
Support to operate the appliance
Optional analysis and assessment of security alerts in combination with Security Analytics as a Service/SOCaaS

Static and dynamic detection of cyber threats using machine learning
Detection and visualisation of cyber threats including in DNS traffic and through web proxies
Analysis and assessment of security alerts
Logging platform to compile and evaluate log files from various sources
Operation of appliance in Swisscom data centres
Optional analysis and assessment of security alerts in combination with Security Analytics as a Service/SOCaaS

Application examples

Detection of covert data leaks

Use AI-enabled detection to identify advanced persistent threats (APTs) and automate certain steps in the threat hunting process.

Early ransomware detection

Ransomware/Trojan attacks go through various phases lasting from a few days to several months. Detect these attacks at an early stage and react before the attackers press the kill switch to encrypt your systems.

Identification of shadow IT

Inventories and blacklists are often not up to date, leading to internal and external threats from shadow IT. Detect the use of unwanted cloud services and unauthorised devices in the network.

Visualisation of the current threat status

You can only protect what you can see. The graph database and specialised visualisations make it easy to browse billions of raw data points.

Implementation of security guidelines

Network Detection & Response as part of the TDR portfolio

As an analytical module, NDRaaS complements the Threat Detection & Response service offerings. Detected threats can then be further processed via the services for analysis and incident response.