
Description
Sophos Network Detection and Response (NDR) gives you a crucial new layer of visibility by monitoring traffic inside your network. While firewalls are great at inspecting traffic entering and leaving (North-South), Sophos NDR specializes in monitoring East-West traffic: the communication between servers, endpoints, and other devices within your network.
This allows it to detect attackers who have already bypassed your perimeter and are moving laterally, scanning for data, or communicating with C2 servers. As a critical data source for Sophos XDR and MDR, NDR provides the 360-degree network visibility you need to spot the full attack chain.
Key Features & Benefits
- Monitors East-West Traffic: Detects suspicious activity inside your network perimeter, such as an attacker moving from one server to another.
- AI-Powered Detections: Uses machine learning to spot suspicious network flows, encrypted C2 traffic, and anomalous behavior.
- Full XDR/MDR Integration: Feeds network data directly into the Sophos Data Lake, allowing you or the MDR team to correlate network alerts with endpoint and firewall activity.
- Identify Rogue Devices: Discovers unmanaged or unknown devices on your network that could pose a risk.
- Cloud-Managed: Deploys as a lightweight sensor (e.g., a virtual machine) that is fully managed from Sophos Central.
Why Buy From Softech.store?
- ✔ Sophos Platinum Partner: We are a top-tier, authorized partner for all Sophos licenses and services.
- ✔ Expert Network Architecture: Our team can help you correctly deploy NDR sensors to get full visibility of your network.
- ✔ Guaranteed Authentic Licenses: Get official Sophos licenses co-termed with your XDR or MDR subscription.
Sophos Firewall (IPS) vs. Sophos NDR
A firewall and NDR work together to provide complete network security. A firewall protects the perimeter (North-South), while NDR protects the interior (East-West).
| Capability | Sophos XGS Firewall | Sophos NDR (This Product) |
|---|---|---|
| Primary Focus | Perimeter (North-South Traffic) | Internal (East-West Traffic) |
| Blocks Threats at the Edge | ✓ | ✗ |
| Detects Lateral Movement | ✗ | ✓ |
| Identifies Rogue/Unmanaged Devices | ✗ | ✓ |
| Best For | Blocking external threats | Detecting internal threats |
FAQs for Sophos NDR
Q: What is "East-West" traffic?
A: "North-South" traffic is data that enters or leaves your network (e.g., a user browsing the internet). "East-West" traffic is data that moves inside your network (e.g., a server communicating with another server, or a user accessing an internal file share). Attackers often use East-West traffic to find valuable data, and NDR is designed to see it.
Q: How is Sophos NDR licensed?
A: Sophos NDR is an integration that feeds data into the Sophos Data Lake. It requires a license for Sophos XDR or Sophos MDR. It is licensed based on the number of users and/or servers covered by your XDR/MDR subscription.
Q: How is NDR deployed?
A: Sophos NDR is deployed as a lightweight sensor (a virtual appliance) on your network. You configure a switch port (SPAN/mirror port) to send a copy of all network traffic to this sensor. The sensor then analyzes this traffic and sends metadata to Sophos Central.