
Network Detection and Response
Eliminate Your Network Blind Spots
The NDR solution acts on multiple stages of the kill chain. Early on, NDR checks for malware during delivery. Further in, to protect against existing intrusions, NDR assigns threat scores to internal assets. This surfaces suspicious activity, making it possible for you to act when malicious software attempts to communicate outside the WAN or spread laterally. SASE integrated monitoring, with a combination of human and machine intelligence, provides the detection and actionable alerts needed to prevent sophisticated attacks.

Why Choose Open Systems NDR?
Aggregate Enterprise-Wide Monitoring
A holistic view of threats across your network
See Everything in Detail
From global risk scores to packet-level details
Enable Fast Analysis and Response
We’ll triage events for you, and escalate as needed
Machine Learning Drives Better Analysis
We’re continuously tuning for more signal, less noise
How It Works
Actionable Insight
Network Detection and Response detects compromised systems quickly and enables efficient analysis and response. Using a combination of protocol and signature inspection methods to analyze traffic and detect threats, our service provides a holistic view of suspicious hosts and assigns a threat score to each of them. Unlike conventional detection systems, Network Detection and Response is built around the security of end-users rather than individual events.
Global Visibility
The Network Detection and Response dashboard provides a real-time, global view of current network threats. Drill down for host details and even single event details. We proactively monitor your network 24×7, correlate event data from numerous sensors, and assign a threat score that gives you an indication of whether an end-user may be affected. We then work with you to mitigate suspicious activity.
Escalation Management
With our escalation management, Open Systems engineers perform a triaging process on high threat-score hosts to provide initial classifications of alerts based on contextual information and event analysis. Suspicious host alerts are escalated to you for verification and further action, while more routine or vague alerts are resolved by us, so you can focus on your business.
Global Threat Isolation
If malware is able to penetrate your network, it will typically pursue two objectives: to spread laterally within your network while avoiding detection, and to communicate with an external command and control server. Our Global Threat Isolation feature provides an effective response to both these actions by immediately blocking any outbound connection from a host on the network level — whether it’s to an external server or to other hosts within the network — thus isolating the affected host.

Unmanaged vs. Managed NDR
For both unmanaged and managed NDR services, network traffic is constantly analyzed for suspicious patterns. All events are automatically correlated in one central place. Whenever the correlation leads to a high threat score, a ticket is generated.
Unmanaged
The ticket is not escalated to Open Systems operations. Customers analyze the events internally and then actively tune the correlations themselves.
Managed
A ticket is escalated to operations where an Open Systems engineer analyzes the event. Customers only get alerted if the event is categorized as suspicious. In addition, our engineers constantly tune and improve the correlation system, based on event feedback from the customer.
How To Buy
Our plans combine 24×7 expertise with a focus on connecting and protecting users, apps, sites and clouds – all unified on an intelligent platform.
