Managed NDRaaS 

Ensure visibility with Network Detection & Response

Corporate networks are often hybrid and spread across several locations. When it comes to cyber defence, it is important to maintain a complete overview, and this includes complex networks. With Network Detection & Response (NDR), you get the visibility back and can detect cyber attacks at an early stage.

Rapid anomaly detection

These days, the majority of network traffic is encrypted. This makes anomaly detection more difficult, such as when malware communicates with a command and control server via open standard ports. And even internal shadow IT, such as unofficial access points, remains undetected in encrypted traffic. An effective NDR solution must therefore be able to correlate signals from a range of sources and rapidly detect anomalies.

Your benefits

  • End-to-end visibility over your entire network
  • Reduction of analysis workload thanks to the automated correlation of security incidents
  • Reliable identification of internal shadow IT and unwanted cloud services

Zertifizierter AWS Partner

When is it the right solution?

The network is an important component of cyber defence. Companies require a wide range of security mechanisms to detect and block cyber attacks. You therefore need a solution to analyse the network traffic and rapidly detect anomalies as well as potential vulnerabilities – for novel types of attack too.

To analyse security incidents efficiently, the NDR solution needs to generate minimal false positives and enable the security experts to concentrate on the critical events. You cannot solely rely on known indicators of compromise to protect your company from new or varying patterns of attack. Unknown anomalies must also be registered to meet the required security standards.

Why Swisscom?

  • Located in Switzerland: Service from Swiss data centres.
  • Comprehensive: Analysis and correlation across different data sources.
  • Efficient: Simple deployment and maintenance without additional hardware and agents.

The first step

Downloads

Services in detail

Two service options are available. With the On-Premise version, the NDR appliance runs on your own infrastructure. With the Managed version, Swisscom operates the appliance in one of its own Swiss data centres.

On-Premise NDRaaS

  • Static and dynamic detection of cyber threats using machine learning
  • Detection and visualisation of cyber threats including in DNS traffic and through web proxies
  • Graphic display of all devices in the network including internal shadow IT
  • Support to operate the appliance
  • Optional analysis and assessment of security alerts in combination with Security Analytics as a Service/SOCaaS

Managed NDRaaS

  • Static and dynamic detection of cyber threats using machine learning
  • Detection and visualisation of cyber threats including in DNS traffic and through web proxies
  • Analysis and assessment of security alerts
  • Logging platform to compile and evaluate log files from various sources
  • Operation of appliance in Swisscom data centres
  • Optional analysis and assessment of security alerts in combination with Security Analytics as a Service/SOCaaS

Application examples

Use AI-enabled detection to identify advanced persistent threats (APTs) and automate certain steps in the threat hunting process.

Ransomware/Trojan attacks go through various phases lasting from a few days to several months. Detect these attacks at an early stage and react before the attackers press the kill switch to encrypt your systems.

Inventories and blacklists are often not up to date, leading to internal and external threats from shadow IT. Detect the use of unwanted cloud services and unauthorised devices in the network.

You can only protect what you can see. The graph database and specialised visualisations make it easy to browse billions of raw data points.

Register your security guidelines in the NDR solution for efficient monitoring and implementation of your requirements.

Network Detection & Response as part of the TDR portfolio

NDRaaS è un modulo analitico da aggiungere alle offerte di servizi di Threat Detection & Response. Una volta rilevate le minacce, i servizi possono occuparsi dell’analisi e della Incident Response.

Threat Detection and Response Overview

Our experts will be happy to answer your questions. Contact us.